NIST SP 1800-23 is a response to the growing digital security challenges confronting organizations with operational technology (OT) assets. The issue for those types of entities is that many of their industrial control systems (ICS) are becoming increasingly interconnected. This development presents an opportunity for attackers insofar as they can abuse those connections to attack an ICS. Depending on the nature of the attack, malicious actors could undermine the functionality of an organization’s assets, systems and networks. Such damages could subsequently produce broader negative effects for society, especially if that organization plays a part in managing their respective host country’s critical energy infrastructure.

The NCCoE asserts that organizations can minimize the risks discussed above by maintaining an updated OT asset inventory. But that’s a challenge in itself. Energy organizations might not be able to discover all their assets using manual discovery alone, which could leave them exposed to digital security risks. These entities therefore need a better way of discovering and managing their OT assets.

  • Information sharing is backward-looking – Stuxnet, TRITON, and NotPetya “came out of nowhere” – there were no similar previous attacks to learn from.
  • Threat intelligence programs are imperfect – Stuxnet, TRITON, and NotPetya were all the result of long-standing physical conflicts and succeeded in spite of presumably long-standing warnings.
  • Regulations are not protection, but the government ordered us to protect ourselves, and
  • Government intrusion detection is a little better at detecting attacks than our own systems and presents serious risks to corporate confidentiality.

The one cyber risk that governments are much better at controlling than we are is insider threats. Governments have been dealing with people threats for centuries and have powerful tools at their disposal for such investigations.

The release of a fully functional proof-of-concept (PoC) exploit for a critical, wormable remote code-execution (RCE) vulnerability in Windows could spark a wave of cyberattacks, the feds have warned.

Microsoft patched the bug tracked as CVE-2020-0796 back in March; also known as SMBGhost or CoronaBlue, it affects Windows 10 and Windows Server 2019. It exists in version 3.1.1 of the Microsoft Server Message Block (SMB) protocol – the same protocol that was targeted by the infamous WannaCry ransomware in 2017. 

Security engineering, to me, is the discipline of building secure systems. Ultimately, I hope to learn how to systematically secure anything -- whether it's a computer network or medieval castle.

I tried for several years to read Ross Anderson's book, and eventually I realized it wasn't structured correctly for me. This learning path is, and hopefully it is for you, too.