From the Fall 2019 Issue

Avoiding Phantom Risk – Chasing Exploitability, Not Vulnerability

Author(s):

Alex Haynes, CISO, Cheshire Data Systems Ltd.

The gravest warning a pen test report could contain are the words “The host may be vulnerable to remote code execution”.  It is hard to know what that immediately means. Did they get system access on a host? Nope. Was there a public exploit available for that version of software that enabled remote code execution? …

From the Spring 2019 Issue

An Information Security Triality: Balancing Security, Surveillance, and Convenience

Author(s):

Adam Firestone, Editor-in-Chief, United States Cybersecurity Magazine

Information security cultural iconography focuses on heroic and demonic archetypes, resulting in a pageant of evocative, emotional imagery that influences reportage, regulation, acquisition, enterprise governance, and the choices made by individuals with respect to their digital personae. The angels (in the epic struggle in the wires between good and evil) are the network defenders. They …

From the Spring 2019 Issue

The Role of Voice Authentication in Cybersecurity

Author(s):

Justin Petitt, Chief Information Officer, LG-TEK

Larry Letow, President, COO, LG-TEK

Everyone loves to talk about the future of cybersecurity. However, most do not realize that in doing so, they’re using one of the most secure tools available to facilitate that conversation, the human voice. The voice connects us person-to-person, and when used as a component in enterprise, can securely connect us to our data around …

From the Spring 2019 Issue

QKD versus PQC: A Quantum Showdown? Part 2

Author(s):

Hilary MacMillan, Vice President, Solutions Architecture, Secure Channels, Inc.

This is part two of a two-part article on secure key distribution in a post-quantum world.  Part one focused on Quantum Key Distribution (QKD) as a method to securely distribute encryption keys.  This article will focus on Post-Quantum Cryptography (PQC), which seeks new quantum-resistant (i.e., hypothesized, but can’t be proven, to be secure against) cryptographic …

From the Spring 2019 Issue

Programmable Networking: Solving the Security Challenges facing SD-WAN

Author(s):

Edward J. Wood

Enterprises are moving their communications to the internet. Private networks are costly, inflexible, and do not easily enable the digital transformation of their businesses. However, over the last couple of years, we have seen a plethora of SD-WAN technologies come to market. Safe to say, SD-WAN adoption has accelerated. Unfortunately, SD-WAN has a number of …

From the Winter 2019 Issue

Free Isn’t Always Best – It should come with a Big Caution Sign

Author(s):

MG (Ret) Quantock, United States Army (Ret)

The free mapping in your phone is a powerful tool. And while it’s not designed to fire an artillery shell on a precision target, the app has all the basic features you need. So, why doesn’t the U.S. military ditch its expensive firing systems for free solutions? Because, while free products often have the features …

From the Winter 2019 Issue

Cybersecurity and Critical Infrastructure: A Growing Sense of Urgency – Part 1

Author(s):

Audie Hittle, Chief Innovation Officer, Mystek Systems, Inc.

This two-part article examines risks and implications related to securing American critical infrastructure. Part I examines the historical framework and the current state of critical infrastructure protection. Part II discusses ways threat responses can be improved. What happens if one day you awake and discover the power had gone off during the night? You may …

From the Winter 2019 Issue

QKD versus PQC: A Quantum Showdown? Part 1

Author(s):

Hilary MacMillan, Vice President, Solutions Architecture, Secure Channels, Inc.

The need for communications confidentiality has existed since humans developed language. Accounts of the Greco-Persian wars in fifth century B.C. described steganography, (hiding the existence of a message). Cryptography, on the other hand, hides a message’s meaning. The cryptographic task of encryption enables a sender to “scramble” a message’s content, rendering it unreadable to anyone …

From the Winter 2019 Issue

Evaluating the Operational Technology Environment: Improving DHS’s Cybersecurity Evaluation Tool (CSET)

Author(s):

Henry J. Sienkiewicz, Author

Servers, laptops, mobile devices, routers, industrial control systems, fire control systems, elevator operations, are the connected technology components of modern life that perform particular functions, offer ease of use, and that represent risks and vulnerabilities to an organization’s cyber environment. The cyber environment is tied to physical devices, including networking equipment, intrusion detection systems, data …

Blockchain Meets Cybersecurity

Author(s):

Zehra Ali

Where Blockchain Meets Cybersecurity Blockchain technology is a powerful public ledger that records every “block” of data as it moves across many computers. Businesses of all types and sizes have to deal with a lot of information on a daily basis. Data is usually an extremely valuable asset for their operations. But keeping it safe …