Cyber security round-up (March 2014)

CSC’s incident response. Industrial Defender acquired by Lockheed Martin. NIST’s cybersecurity framework. Scada ‘pain points.’ Rockwell on why ‘Pandora is really out of the box!’

Computer Science Corp. (CSC) is offering a cyber incident response service to clients worldwide. Following a cyber-security incident, CSC provides access to trained professionals along with technical and strategic capabilities delivered through a ‘retained pricing’ model that is claimed to lower the financial and technical risks of future incidents.

While CSC’s public sector clients have benefitted from the service for the past two decades, commercial organizations are ‘ill-equipped and unprepared for cybersecurity incidents.’ A 2013 Ponemon Institute study, ‘The Post-Breach Boom,’ found that only 41% of US companies had the tools, personnel and funding to prevent breaches. Moreover, only 39% could minimize damages if breached. CSC has teamed with Co3 Systems and Alvarez & Marsal on the new offering.

Lockheed Martin has acquired Industrial Defender, a provider of cyber security solutions for control systems in the oil and gas, utility and chemical industries. The terms of the agreement were not disclosed but are ‘not material to’ Lockheed’s operations.

Lockheed chairman Marillyn Hewson said, ‘ID’s experience of addressing cyber threats to industrial control systems complements our own IT cyber security expertise.’ ID CEO Brian Ahern added ‘We share a perspective on the importance of protecting critical infrastructure from an increasingly hostile landscape. Our combined capabilities make up a comprehensive suite of technology and services designed to face modern day threats to operations and the business.’

The US National Institute of Standards and Technology (NIST) has released version 1.0 of its cybersecurity framework, designed to protect the nation’s financial, energy, health care and other critical systems from cyber attack. The 40-page document provides a taxonomy and mechanism for organizations to assess their current cybersecurity posture, set a ‘target state’ and define a means to achieve it. NIST has also released a roadmap document to accompany the framework.

Inductive Automation (IA) has published a Scada ‘pain point’ graphic explaining how Scada is broken and what IA’s technology does to fix it. Some 19 pain points are enumerated, including the absence of a SQL database, no support for OPC-UA and more.

Rockwell Automation and Cisco have also jumped on the cybersecurity bandwagon with a new ‘Converged plant-wide Ethernet architecture,’ as reported in a recent Control Magazine piece by Jim Montegue. This includes an amusing citation from Cisco’s Rick Esker viz., ‘With Stuxnet and its 85 families of worms, Pandora is really out of the box.’ Rick needs to re-read his classics!

Web use only - not for intranet/corporate use. Copyright © 2014 The Data Room - all rights reserved.