Human awareness and back doors
This eight-minute video, "Anatomy of an ICS network attack," is part of the SANS Securing the Human security awareness program, and shows how to make personnel awareness programs more effective. It's accompanied by a 38-minute video, "How threats are slipping in the back door" by Deviant Ollam, security auditor and pen test consultant at the Core Group, highlight some of the exciting and shocking methods his team uses to routinely let themselves in on physical jobs.
DHS response and ICS-CERT updates
The Industrial Control Systems Cyber Emergency Response Team's (ICS-CERT) website, part of the U.S. Dept. of Homeland Security (DHS), continues to gather and distribute timely threat updates and recommendations for users about protecting their organizations and applications from unauthorized probes, malicious intrusions and cyber attacks. For participants that sign up, notifications are provided directly.
Two need-to-know videos
These two 20-minute videos, "What do you need to know cybersecurity" by Patrick Boo, product manager at ABB, provide a good overview of cybersecurity dangers faced by industrial producers; discuss industry benchmarks on cybersecurity and potential business impact; and provide examples of how to address cybersecurity in complex organizations, including assessing current state, developing first improvements and engaging multiple stakeholders for successful implementation. They're at www.youtube.com/watch?v=ota_h5ye7bI and at www.youtube.com/watch?v=fkK-SLNivD4
NIST framework and blog
The National Institute of Standards and Technology (NIST) hosts its well-known "NIST Cybersecurity Framework" at its website. It also provides useful cybersecurity documents, as well as a blog with updates on cybersecurity developments from NISTS's perspective. The site also includes FAQs, news, events, workshops and some informative videos.
Cybersecurity program management
This 55-minute webinar-to-video, "Industrial automated control system cybersecurity program management" by David Johnson of exida describes the organizational conflicts surrounding cybersecurity, and how to create policies and coordinate security activities. It also discusses key aspects of an industrial automated control system (IACS) cybersecurity program, provides concrete recommendations for getting started, and delivers references with added insight.
Graphic demo video
This colorful, five-minute video, "Cyber demo for industrial control systems" by Check Point Software Technologies provides a quick overview of cybersecurity challenges, shows how Check Point's technology can detect and prevent them, and is a good description of how anomaly detection methods work.
Industrial blog posts
The "Industrial cybersecurity blog" by Nozomi Networks covers the oil and gas and electric utilities, and includes posts from many security experts like Larry O'Brien and Sid Snitkin of ARC Advisory Group, and Chet Namboodri and Andrea Cacano of Nozomi. It also has links to videos and other materials.
Essential security video
This 75-minute video, "Cybersecurity of Industrial Control Systems," is presented by Joe Weiss as part of the Stanford University Center for Professional Development's Computer System Colloquium; covers the cybersecurity of industrial control systems in power plants and water-pumping facilities; and examines the shortcomings of current protocols and regulation in the post-Stuxnet era.
Best of last time
The previous version of this cybersecurity resources column, "Serious cybersecurity sources" by Jim Montague includes links to even more documents, videos and other materials.
