Larry Karisny is the director of Project Safety.org, an advisor, consultant, speaker and writer supporting advanced cybersecurity technologies in both the public and private sectors.
The Internet of Things is growing and so is the risk of exploitation.
Despite a less-than-stellar record to this point, the Internet of Things space is forcing companies to think holistically about the security behind their devices.
Cyberattacks are already bad today. But what if all encryption didn’t work? We are reaching a point now where global adversaries can crack encryption, and will be able to crack all encryption in the near future.
The power grid, oil and gas, and even existing telecoms are perfect targets for funding and development of these technologies.
The cyberdefense industry needs to quit playing catch-up and having a reactionary approach to cybersecurity. So what is this industry doing wrong, and how can we change it?
Danger: Conventional cyberdefense technologies not capable of securing the Internet of Things.
Cybersecurity expert Chuck Brooks talks about where we stand in what many people call the "wild, wild west" of cybersecurity.
Hackers use innovative thinking when breaching systems, why can't government?
The costs of cyberattacks have significantly affected corporate bottom lines, and nation-state attacks have threatened the security of entire countries, renewing the focus on and demand for cyberdefense.
From access to activation, we pass through multiple digital ecosystems with devices that can be used to hack unrelated digital system processes in a millisecond.
Before delivering a keynote at the Florida Center for Cybersecurity 2015 Annual Conference, former NSA Director Keith Alexander spoke about his new startup and the direction cybersecurity must take to be successful.
How do we get better cybersecurity technologies out quickly while having enough personnel to rapidly respond to the ever-changing exploits?
From unlocking cars and opening garages to hacking a satellite, recent breach demonstrations made a clear point about cyberattacks: They are very real and can be very dangerous. And our current method of "fighting" these attacks is not working.
The Einstein and Continuous Diagnostics and Mitigation cybersecurity programs have been hailed as the cornerstone of repelling cyberthreats in real-time -- but it turns out this is not actually the case.
If superior cybersecurity technologies exist, there is a responsibility beyond corporate profits or government compliance standards that must expedite their use.
If we are to proactively defend our cybersecurity, we must move away from historical algorithm audit and analysis to real-time pattern recognition audit and analysis.
The back and forth hack and patch cyberwar could be devastating. Is Digital Process Management 5th Generation Programming Language the answer?
In this Q&A, a security expert discusses the problems and approaches in fixing cybersecurity.
Real-time cybersecurity is now a necessity, and has reached the point of requiring big changes in how we are going to fix cybersecurity today.
Today, all cybersecurity technologies secure information processes at points that are too late to achieve true cybersecurity -- and hackers know this.
The old model of "good enough security" is being replaced by a new model of "0 trust security" -- the new platform on which cybersecurity must be built.
The penetrate-and-patch cybersecurity market is a short-term solution and actually demonstrates how weak current security methodologies are.
Security is only the anomaly detection of an incorrect process action.
Frankly, the exploit offense technologies are currently beating the security prevention and detection defense technologies every which way.
There is no "it won’t happen to me" anymore.
If we have cybersecurity protection, then why are hackers hacking? Because they can.
New evidence of startling increases in the volume and scale of cyberattacks suggests that current security technologies may have reached their limits.
Google’s recent network, acquisitions and hires in Austin, Texas, have created an opportunity to do security right the first time.
One expert applauds that information security company Mandiant released its research, looking at it as a wake-up call.
"We lose control of our grid, that's far worse than a botnet taking over my home PC."
Networking and software pioneer Rajeev Bhargava discusses his unique way seeing and correcting our recent surge of cyberbreaches.
According to security expert Curt Massey, standards, certifications and compliance force industry and government to keep an inherently insecure system insecure.
The $388 billion cybercrime business is now as large as the international illegal drug trade, and brings threats of foreign espionage.
"One would hope that after all of the power issues with Hurricane Sandy, utility executives will take ICS cyber security more seriously before it is too late."
What if we could create an anomaly algorithm that could audit, detect and approve positive input events in business processes?
Security needs to change to protect utilities and the grid.
We can’t continue to patch cyber security while thinking we can manipulate these vulnerabilities in targeted cyber attacks.
"We are ultimately seeking a modernized power system that is somewhat self-aware, self-healing and self-managed."
With immediate security needs evident, there must be a way out of what people in the security business are now calling the "smart grid security circus."
We can no longer look security solutions of the past when trying to secure the enormous amount of data that will flow through the smart grid. Old methods are too complex and too slow.
IPS can eliminate man-in-the-middle spoofing/sniffing risks or denial-of-service vulnerabilities.
"The clearest example of vulnerability brought on by computer controls happens to be the one system that everything else depends upon: the electric power grid."
"The next Pearl Harbor we confront could very well be a cyber attack that cripples our power systems, our grid, our security systems, our financial systems our governmental systems."
In spite of power-grid security breaches, just stopping the smart grid isn't an answer or even an option.
Loss of power though natural or man-made causes can range from an inconvenience to a global catastrophe.
Sandra Manning, utility marketing manager, City of Tallahassee, demonstrated a running smart-grid application.
Remote control functionality always opens additional pathways for attackers.
If Stuxnet is any indication, then the serious attackers are way ahead of us and can pretty much operate with impunity.
Stuxnet brings years of warnings from theory to reality.
"Our goal is to become the leading provider of universal smart-grid operating systems for any device and any broadband technology."
There are actually ways to offer high-end security with low overhead through layer 2 security techniques.
"What I found most interesting is the assertion by some vendors that the meters have security features built in that utilities often choose not to implement for their own reasons."
Rock Hill incorporated wireless broadband as part of a strategy to build a multi-use communications foundation.
"One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet." -- Vint Cerf
So now with little knowledge of the Internet and security the power companies have billions of dollars of grants in hand with one big problem. The grants mandate an iron-clad security platform.
