Difference between revisions of "Episode332"

From Security Weekly Wiki
Line 39: Line 39:
 
#Greg: What is the general sentiment of the ICS industry  regarding security - is the industry embracing security?  Is proper air gapping  sufficient to help?  Is inadequate funding the issue?
 
#Greg: What is the general sentiment of the ICS industry  regarding security - is the industry embracing security?  Is proper air gapping  sufficient to help?  Is inadequate funding the issue?
 
#As a general statement in the US, where does the budget for ICS security come from?  Public, private, federal or local?
 
#As a general statement in the US, where does the budget for ICS security come from?  Public, private, federal or local?
 
+
#Tell us about the Securing The Human Utility Training initiative.
  
  

Revision as of 04:27, 16 May 2013


Episode Media

Announcements & Shameless Plugs

PaulDotCom Security Weekly - Episode 332 for Thursday May 16th, 2013

  • We are looking for sponsors for monthly webcasts in conjunction with SANS - contact paul -at- hacknaked.tv for details!
  • Come to the Security BSides Rhode Island Two-Day Conference on June 14th and 15th; tickets are NOW ON SALE at WePay.com. Featured presentations from Josh Wright, Kevin Finisterre, Kati Rodzon and Mike Murray, Bruce Potter, Joe McCray, Ron Gula, Ben Jackson, Dave Maynor and the entire PaulDotCom crew!
  • This Saturday, May 18th: BSides Boston is almost sold out! Keynotes by Dan Geer and Josh Corman and presentations from Alissa Torres, Andrew Case and the lady who keeps a low profile on the InterWebz: Allison Nixon.
  • The Stogie Geeks Show! - Kick some ash with the Stogie Geeks, Sunday nights at 8:30PM EST. Come have a cigar with us! If you are in the Rhode Island area please visit our sponsor the Havana Cigar Club, it's an awesome place to have a drink! Make sure you print out your $5.00 off coupon here! (Web site experiencing problems, will update link when it comes back)

Interview: Mr. Brian Snow

A mathematician and computer scientist, Brian taught mathematics and helped lay the groundwork for a computer science department at Ohio University in the late 1960s. He joined the National Security Agency in 1971, where he became a cryptologic designer and security systems architect.

Brian spent his first 20 years at NSA doing and directing research that developed cryptographic components and secure systems. Many cryptographic systems serving the U.S. government and military use his algorithms; they provide capabilities not previously available and span a range from nuclear command and control to tactical radios for the battlefield. He created and managed NSA’s Secure Systems Design division in the 1980s. He has many patents, awards, and honors attesting to his creativity.

Brian retired in 2006 and is now a Security Consultant and Ethics Advisor.

  1. How did you get your start in information security?
  2. In a recent keynote you outlined some major problems facing the security industry and described the "bare minimum" approach to software design. However, how can companies sufficiently compete with each other and differentiate themselves from their competitors with simple or stripped-down designs? More importantly, how do we convince consumers of that approach?
  3. If one of the answers to better cybersecurity is regulation, how can we ensure Mutual Suspicion / Checks and Balances? How can we ensure regulations are agile when regulations are designed to be enduring and are historically difficult to update?

Tech Segment: Tim Conway

Tim is the Technical Director of the Industrial Control Systems and SCADA programs at SANS, where he is responsible for developing, reviewing, and implementing technical components of the ICS and SCADA product offerings. Tim was formerly the Director of Compliance and Operations Technology at the Northern Indiana Public Service Company (NIPSCO).


  1. Allison: If hacking industrial control systems is so easy, why are internet trolls not causing rolling blackouts and destruction of dams, etc?
  2. Greg: What is the general sentiment of the ICS industry regarding security - is the industry embracing security? Is proper air gapping sufficient to help? Is inadequate funding the issue?
  3. As a general statement in the US, where does the budget for ICS security come from? Public, private, federal or local?
  4. Tell us about the Securing The Human Utility Training initiative.


Upcoming SANS ICS Events:


For More Information:


Announcement

  • Larry is teaching SANS SEC617 all over and coming to a city near you in 2013. It isn't too late to sign up for my class in San Diego this May! (actually, it is)
  • If you are interested in hosting SANS Training in the Boston area via the mentor format, please send us an email at mike -at- hacknaked.tv! We're looking for a location that can host 2 hours in the evening, 1 night a week, for 10 weeks.

Stories

Paul's Stories

Larry’s Stories

Jack’s Stories

Allison's Stories

Patrick's Stories