From the Winter 2019 Issue

Free Isn’t Always Best – It Should Come with a Big Caution Sign

Author(s):

MG (Ret) Quantock, United States Army (Ret)

The free mapping in your phone is a powerful tool. And while it’s not designed to fire an artillery shell on a precision target, the app has all the basic features you need. So, why doesn’t the U.S. military ditch its expensive firing systems for free solutions? Because, while free products often have the features … Read more

From the Winter 2019 Issue

Cybersecurity and Critical Infrastructure: A Growing Sense of Urgency – Part 1

Author(s):

Audie Hittle, Chief Innovation Officer, Mystek Systems, Inc.

This two-part article examines risks and implications related to securing American critical infrastructure. Part I examines the historical framework and the current state of critical infrastructure protection. Part II discusses ways threat responses can be improved. What happens if one day you awake and discover the power had gone off during the night? You may … Read more

From the Winter 2019 Issue

QKD versus PQC: A Quantum Showdown? Part 1

Author(s):

Hilary MacMillan, Vice President, Solutions Architecture, Secure Channels, Inc.

The need for communications confidentiality has existed since humans developed language. Accounts of the Greco-Persian wars in the fifth century B.C. described steganography (hiding the existence of a message). Cryptography, on the other hand, hides a message’s meaning. The cryptographic task of encryption enables a sender to “scramble” a message’s content, rendering it unreadable to anyone … Read more

From the Winter 2019 Issue

Evaluating the Operational Technology Environment: Improving DHS’s Cybersecurity Evaluation Tool (CSET)

Author(s):

Henry J. Sienkiewicz, Author

Servers, laptops, mobile devices, routers, industrial control systems, fire control systems, and elevator operations are the connected technology components of modern life that perform particular functions, offer ease of use, and represent risks and vulnerabilities to an organization’s cyber environment. The cyber environment is tied to physical devices, including networking equipment, intrusion detection systems, data … Read more

Blockchain Meets Cybersecurity

Author(s):

Zehra Ali

Where Blockchain Meets Cybersecurity

Blockchain technology is a powerful public ledger that records every “block” of data as it moves across many computers. Businesses of all types and sizes have to deal with a lot of information on a daily basis. Data is usually an extremely valuable asset for their operations. But keeping it safe … Read more

Microsegmentation and a Zero-Trust Network

Author(s):

Caleb Townsend, Staff Writer, United States Cybersecurity Magazine

We are currently in an unfortunate situation where universally, every business model predicates itself around connectivity. In fact, to be on the edge of innovation is to connect, to everything, before anyone else connects. With each new development, security suffers immediately. The incredulity that is always met with a new Facebook data breach is going … Read more

From the Fall 2018 Issue

40% of Breaches Are Related to Credit Card Data: Is Payment Software Secure?

Author(s):

Kelvin O. Medina, Principal Security Consultant, Trustwave

Forty percent of the data breaches for 2017 were reported as involving credit card data, according to the 2018 Trustwave Global Security Report.1 The data breaches analyzed used attacks such as phishing/social engineering, malicious insiders, and misconfigurations. This is illustrated below in Figure 1: Methods of Compromise2. Those numbers likely do not include hundreds of … Read more

From the Fall 2018 Issue

Zero Days and Zero Trust: Microsegmentation and Security in a World of Many

Author(s):

Jack Koons, Chief Cybersecurity Strategist, Unisys Corp

In a world where the business model is racing to connect everything, security is failing to keep pace. This sets up a dynamic tension within the organization between the network/infrastructure teams and the security teams. We are placing the current crop of CIO, CISO, and CTOs in an almost untenable position, and levying unrealistic requirements … Read more

From the Fall 2018 Issue

The Paradox of Infosec and the Dropping of a Socket

Author(s):

Gina Yacone, Director of Sales, Braintrace

On Sept. 19, 1980, near the small town of Damascus, Arkansas, someone dropped a socket, and it caused a breach. In terms of breaches, it was nuclear! Paradoxical as it may seem, the story of the 1980’s Damascus Titan II explosion showcases how a simple error parallels that of a significant breach of a company’s … Read more

From the Fall 2018 Issue

Modern Data Security: Worse Than You Think

Author(s):

Dr. Edward Amoroso, CEO, TAG Cyber

Imagine that under some bizarre set of circumstances, a local high school football team is forced to compete against the New England Patriots. Imagine further that the victory stakes for these teenagers are enormous, perhaps even life or death. Let’s complete this nightmare situation with an understanding that the NFL team will not let up … Read more