Tips on stronger passwords can be found here.
FHWA Order 5181.1a Emergency Reporting Procedures 3-5-2010
ICS-CERT Cyber Security Evaluation Tool
Request for Information (RFI) recently issued by the Department of Commerce, National Institute of Standards and Technology (NIST). For context, NIST issued this RFI to gather information on version 1.0 of the voluntary Framework for Improving Critical Infrastructure Cybersecurity. The goal of the RFI is to gain understanding of organizations' awareness of and experiences with this Cybersecurity Framework.
The Center for Internet Security is a 501(c)(3) nonprofit organization focused on enhancing the cyber security readiness and response of public and private sector entities, with a commitment to excellence through collaboration. CIS provides resources that help partners achieve security goals through expert guidance and cost-effective solutions.
ICS-CERT Roadmap to Secure Control Systems in the Transportation Sector
It is recommended that the following ICS tools be used to assess current security posture as a precursor to any cyber security program.
Video from 2014 DEFCON on hacking driverless vehicles.
Cryptography is the science of writing in secret code and is an ancient art; the first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription. Some experts argue that cryptography appeared spontaneously sometime after writing was invented, with applications ranging from diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications. In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet.
Encryption plays an essential role in protecting the privacy of electronic information against threats from a variety of potential attackers. In so doing, modern cryptography employs a combination of conventional or symmetric cryptographic systems for encrypting data and public-key or asymmetric systems for managing the keys used by the symmetric systems. Assessing the strength required of the symmetric cryptographic systems is therefore an essential step in employing cryptography for computer and communication security.
Laurel, MD--19 September 2014.
Presentations by and to five academic researchers from the Universities of Maryland, Bonn, and Leibniz were the order of the day at a special ceremony in Emerson Cafe. The scholars were recognized as the winners of the Best Paper of 2013 in Cybersecurity and the runner-up.
Dr. Deborah Frincke, NSA Director of Research, welcomed and thanked them for their contribution to the evolving Science of Security. Dr. Michael Hicks of the University of Maryland led the winning team, which included Dr. Elaine Shi and graduate student Chang Liu. Their work, "Memory Trace Oblivious Program Execution," showed that combining Programming Languages (PL) and cryptography can yield memory trace obliviousness (MTO). Their goal was to address the problem that, in the cloud, data encryption can mask content but not header information. Using Oblivious RAM, which has been around as a "curiosity" since the 1980s, they demonstrated a hybrid system that incurs relatively small overhead while masking both headers and content.
Dr. William Smith, now at the University of Bonn, and his colleague Sascha Fahl, University of Leibniz, presented the Honorable Mention paper, "Rethinking SSL Development in an Applied World." Dr. Smith told the audience about the problem of SSL certificate failure on Android and iPhones. Their research showed that 14% to 18% of the applications they looked at were subject to Man in the Middle Attacks (MITMA) because SSL certificates were invalid or bypassed. To find the reasons for this security failure, they interviewed developers and looked at the nature of the specific problem with the certificate. Their conclusions indicate that developers often inadvertently shut off SSL certificate checking and leave it off when they develop apps, including one antivirus product that was used as an example.
The Clean-Slate Design of Resilient, Adaptive, Secure Hosts (CRASH) program will pursue innovative research into the design of new computer systems that are highly resistant to cyber-attack, can adapt after a successful attack to continue rendering useful services, learn from previous attacks how to guard against and cope with future attacks, and can repair themselves after attacks have succeeded.
TRB CYBERSECURITY May 2015 WEBINAR - RECORDING