This week, Microsoft announced a critical vulnerability in Windows XP, 7 and 2003 systems. This vulnerability could be exploited and spread like WannaCry. [Read Krebs, https://krebsonsecurity.com/2019/05/microsoft-patches-wormable-flaw-in-windows-xp-7-and-windows-2003/ ]
As we should realize, industrial IoT (IIoT) systems often are forced to run older versions of software, and may be running these operating systems. In addition, these workstations, embedded systems and other outdated devices running a vulnerable OS may not be quickly and easily patched. It is important to quickly develop a response strategy for this latest vulnerability to protect your industrial systems.
Posted in Vulnerabilities
https://www.dhs.gov/sites/default/files/publications/national-critical-functions-overview-508.pdf
[via CI Security] “The National Critical Functions construct provides a risk management approach that focuses on better understanding the functions that an entity enables or to which it contributes, rather than focusing on a static sector-specific or asset world view. This more holistic approach is better at capturing cross-cutting risks and associated dependencies that may have cascading impact within and across sectors. It also allows for a new way to view criticality, which is linked to the specific parts of an entity that contribute to critical functions. By viewing risk through a functional lens, we can ultimately add resilience and harden systems across the critical infrastructure ecosystem in a more targeted, prioritized, and strategic manner.”
Posted in Critical Infrastructure, Cybersecurity & Infosec, Resiliency
John D. Johnson
Every organization must face and deal with cyber risk associated with Internet of Things (IoT) devices connecting to other systems and the extended enterprise network. I had the privilege of leading a group of about 50 information security professionals in a Peer-to-Peer session at RSA Conference on March 6, 2019, and I learned that this problem is pervasive across all industries. Read More
Posted in Cybersecurity & Infosec, IoT, IIoT, ICS-SCADA
![[1/2] Docent Institute Chicago Security Speakeasy with 60 guests for drinks and dinner at the oldest private club in Chicago. A wonderful venue for a formal pre-holiday party and charity fundraiser. Thanks to my friends for making it possible, as members of this exclusive club!](https://johndjohnson.com/wp-content/plugins/instagram-feed/img/placeholder.png)