Wednesday Morning Must-Read on Security

Fooling around in the social media corner of the Internet this morning, I came across this link on Facebook via Eric Byres. It's really worth the read. Ernie Hayden, CISSP, CEH, Managing Principal, Energy Security, Verizon Global Energy & Utility Practice, in this article, "The new paradigm for utility information security: assume your security system has already been breached," lays out in clear language the new reality, not just for utilities. A bit disturbing, but this is the way things are now. Better get used to it.

  • This is not a new or original security posture. I would argue that any security staff who doesn't have this position needs to seriously re-evaluate their thought process with respect to their controls, especially in the general IT office environment. This is why the "VLAN for Security" model is dead and irresponsible. This mentality is also why we have ISA-99, NIST 800-82 and others - it's because the "enterprise network" cannot be trusted, and that it is to be perceived as compromised.

    This field has quite a few prior military folks - most of us who held technical or intelligence type roles assume this stance by default. As I said in an interview I did about 8-12 months ago for another publication, security is a myth - it never really existed in the first place. That should be every ICS Security minded professional's default stance. My two cents...


  • more data points...

