John Forrester

How Local and Regional Authorities can improve their ransomware defenses

A recent study by the National Association of State CIOs (NASCIO) and Deloitte found that in the US 75% of state CISOs view ransomware as a threat. As this Govloop report notes, “…there’s good reason for that. A number of factors, the report notes, combine to make local and regional governments particularly vulnerable to this attack”. High impact: Ransomware is capable of bringing an organization’s operations to a halt.


Users are not stupid

This article from Julie Haney of NIST deals with some of the misconceptions and pitfalls that cyber security professionals fall victim to. These pitfalls reflect a tendency in the cyber security community “to focus and depend on technology to solve today’s security problems while at the same time failing to appreciate the human element: the individual and social factors affecting security adoption.” To appreciate the importance of the human element in cyber security, Haney suggests it would be best to understand the concepts of usability and usable cyber security.


Why old school thinking?

For many years, a report from Govloop in the US writes, government agencies have applied a “hodgepodge of cyber-security strategies” to counter both internal and external risks. Many relied on firewalls to manage external activity and potential threats. In the end, the Govloop authors conclude that legacy firewalls tend to be more concerned with activity attempting to penetrate their perimeter defenses and do not monitor internal activities within the local network.


Cybersecurity For Public Utilities Solutions III

Failing to understand the gravity of the potential effects of a power grid attack leaves municipal utility companies unprepared to enact the cybersecurity counter-measures necessary to prevent or, at least, mitigate attacks. As Miller [1] points out, local governments could benefit from the information that would lead to the early prevention of cyberattacks. Unfortunately, the information is often hidden or never revealed. Although municipalities are obliged to report attacks in a timely fashion, they often avoid reporting attacks to maintain credibility.


Cybersecurity For Public Utilities Solutions II

Cyberattacks launched on municipal utility companies are similar to attacks in any other industry. However, the potential for OT attacks and the dangers of a major service disruption have raised the stakes. Miller outlines in this article [1] the most common cybersecurity attacks that have affected municipal utility companies. Denial of Service: Attacks that stop users from accessing essential networks are typically referred to as denial of service (DoS) or distributed denial of service (DDoS) attacks.


Cybersecurity For Public Utilities Solutions I

In 2021 Jason Miller wrote an article on cybersecurity for municipal utilities stressing that cyber-attacks were increasing every year and greatly impacting a wide range of high-profile targets, from governmental agencies to financial and insurance organizations, hospitals and other health facilities, and educational institutions. Of particular concern in many countries, he points out, is the situation at the local level, where local governments with municipal utilities are often under-funded with poorly trained staff [1].
