Border Wars: Incident Response vs. Forensic Investigation

Josh Beckett

In my day job, we often discuss security tools and the respective processes that generate the requirements that demand the use of such tools. Lately, we have been debating incident response tools and processes as contrasted with forensic investigation tools and processes.  Obviously, both have differing benefits that they bring to the general discipline of security.  They also have differing requirements in terms of the tool sets that they require to execute those processes.

To me, the boundaries between forensic investigation and incident response have always been rather clear. Maybe slightly fuzzy at the exact interface between them, but not a huge gaping canyon of a zone of uncertainty. However, lately, I'm starting to believe that out there in the rest of the community it may not be so clear. I could be wrong; it wouldn't be the first time, and I'm sure it won't be the last, especially if you ask some of my close friends.

Through the looking glass...blessing or burden?

Josh Beckett

Google Glass coming out has had some interesting implications for the world of security and forensics. I thought the QR code vulnerability was certainly unique and akin to the drive-by RFID vulnerabilities that exist. I'm sure we haven't seen the last of such issues. Google, of course, says this was all part of their plan to really shake out the bugs and round off the rough edges that they didn't foresee. Is that claim more marketing than truth? Meh, probably a little of each. It's a nice idea, but I hardly think that even one thousand hacking-oriented techies could even scratch the surface of possibilities for what this technology could potentially deliver, good and bad. Some interesting use cases have already come about, but I think the best are still to come.

When old processes meet new technology

Josh Beckett

As usual, one article triggered a series of thoughts to connect from various news pieces that have been building up in my head over the past week. Let's start with the most recent first. Reading this article on what security concerns the leadership in healthcare the most got me thinking. Particularly this quote from the article: “The goal in healthcare generally is treating those patients, not privacy and security. You don’t see the same focus on security in healthcare that you do in the financial sector.” Yeah, that sounds about right. Makes sense from what I've seen and experienced. I'm sure we've all seen that there are signs in hospitals and other healthcare places that say 'No Smoking, Oxygen In Use' or some such thing. These rules make sense to all of us. We all get it. Problem is, there is no such rule about not hacking hospitals. 'Our pricing model doesn't let us afford ample security staff, so please don't hack us' just doesn't carry the same weight as 'don't smoke or you'll blow us all up.' Patients' health is their primary focus, thankfully, and the data is just a way to describe the current condition and progress so that you can achieve the good health outcome of your client. Essentially, it is a model that hasn't evolved in light of the data revolution of the computer age. This brings me to my next thought...government security clearances.

Who Turned Off the Lights? U.S. Electric Grid Sees Increase in Cyber Attacks

Ale Espinosa

When news of Stuxnet broke out, the world was shocked. It was the first discovered malware to spy on and subvert industrial systems, as well as the first to include a programmable logic controller rootkit, used to attack Iran’s nuclear facilities.

Yet, despite fears of retaliation from foreign governments against the U.S. electric grid, a recent report based on over 100 surveyed utility companies revealed alarming vulnerabilities in the nation’s energy system. The report was supported by members of the U.S. House of Representatives in an effort to bring awareness to the security gaps in the utilities sector.

Among some of the report’s key findings were:
  • Attacks on the nation’s critical infrastructure – including energy – were up 68 percent from 2011
  • Many utility companies reported receiving “daily,” “constant” or “frequent” cyber-attack attempts
  • Among the attacks reported were phishing, malware infection, and unfriendly probes
  • Most utility companies are compliant with mandatory cybersecurity standards issued by the government, but voluntary recommendations by the industry watchdog – the North American Electric Reliability Corporation (NERC) – have been ignored by many

Information Discovery and Sharing in the Wake of the Executive Order on Cybersecurity

Anthony Di Bello

It’s the wake-up call CISOs, information assurance, and risk chiefs didn’t really need – but when the White House issues an executive order on “Improving Critical Infrastructure Cybersecurity,” it’s time to up our collective game. Most Fortune 500 companies and critical-infrastructure providers are already establishing and working to best practices in cyber defense and information security, but President Obama’s executive order is a call to a higher standard of readiness for cyber defense and information sharing among agencies and companies providing or servicing critical infrastructure.

We all know cybersecurity is vitally important. However, this order came about for the simple reason that the threat landscape is constantly changing and far too many organizations are far from a state of response readiness.