Home » Research » About » IT vs OT | When Facing The Insider Threat | What Happend | Free Software vs Open Source | ask me |
· Priscilla Felicia Harmanus · 1993 from the Netherlands · Last update: 22 juli 2020
No one knows who I am yet and what kind
of content I produce. So why not focus on a topic that
people are already searching for, right?
Insiders are without a doubt the largest threat.
Insiders are without a doubt the largest threat.
They know where the crown jewels are.
They know the processes on the inside.
They already have logins.
If they have something to gain,
there's not much to prevent them from
doing the wrong thing. ★
Insider threat tactics
PRISCILLA: For insider threat tactics, I have a message to share. If a pretender could be ANYONE... then you could have so many and interesting episodes that the show could last for a long time. To achieve something in the "cyber security industry such as creating awareness for her fixation target. This is what the story would be about. I want to convey a good clear message with the aim that "Insider threat tactics" are easily and quickly understood and recognized. This message have may a meaning consisting of a combination of Hardware vs Software, Ubuntu / Linux "GNU is Not Unix", ICS / SCADA, Free Software vs. open Source, IT / OT. physical vs analog/digital and social/reverse engineering which reveals sophisticated high level skilled advanced operating techniques that includes practical knowledge and hans on experience is required. This is my message for Insider threat tactics, human error for your company, coding the law within our government and gmail beta access for grandma's home/small office. It takes place in the present, past and back to the future. Additional Key Words and Phrases: Insider threat, malicious insider threat, unintentional insider threat, masqueraders, traitors, grounded theory for rigorous literature review, 5W1H questions.
The 10 cases selected by Insider threats tactics (IT/OT - ICS/SCADA) for this study have been drawn from the contemporary experience of national infrastructure industries. The Dutch critical infrastructure is defined as including organizations involved in telecommunications, banking and finance, electrical power, gas and oil production, storage or delivery, transportation, water supply systems, emergency services, and government operations. Case selection preference also given to Defense and government contractors that maintain cleared facilities under the National Industrial Security Program. Interest in this study of private-sector events also derives from the fact that its mission is closely integrated with the sensitive and classified work being carried out in its contractor community and that Defense agencies and military facilities are themselves increasingly outsourcing IT functions.
Government, environmental, gemeenten, provincies, verenigingen, stichtingen, consumenten, particulieren, private.
Cyber as a prefix refers to electronic and computer based technology.11 Cyber-space is ―an operational domain framed by use of electronics to … exploit information via interconnected systems and their associated infrastructure‖.12 Cyber-space is therefore ―a unique hybrid regime of physical and virtual properties‖, hardware and software, which is all computer networks in the world including the Internet as well as other networks separate from and not linked to the Internet.13
Could this happen to you? | Insider threat tactics
This website focuses on human knowledge and cyber security awareness in the Industrial control systems and explains the gap and the differences between IT and OT environments and why this information is critical and important. This study focuses on the threat to Industrial Cyber Control Systems in small businesses and startup companies in the digital information age of today. GPL open source software in self driving cars Read the full story: How It Is When Facing The Insider Threat.
The original Stuxnet worm, which is more than one year old, only jumped from system to system via USB sticks. That seems primitive, but it is intentional. Almost all SCADA systems are — for safety reasons — standalone: not connected to a network, let alone the Internet.
Technology exists to make our lives easier.
At least, that is what we should be using technology for. Time and time again I come across devices or software that completely fail in this regard, either by poor design, or even intentionally. Devices these days seem to be designed to market to people, to limit what you can do with a device because some big company wants it that way, or just hacked together.
politics, free software, community, proprietary communication systems, licenses, distributors, proprietary producers, vendors, developers, manufactures, source code, programmers, compiler, critical infrastructure, transportation, crucial, information, piping and switches, a, b, who gets what, where, when, how and what price, job, power, knowledge, monopoly, measuring, improvement, stand alone, network, services, political purposes built computer user program freedom free speech open closed trust openness
Energy Sectors | Attack | Government Sectors | exploits | Insiders | Financial Sectors | Social Engineering | Spear Phishing | Critical Infrastructure Security and Resilience | Cyber Systems | IT/OT convergence to start-up companies and small business | IoT | Telecom | Data | Information | Networking | Communication | Threat | Chemical, Commercial Facilities, Communications, Critical Manufacturing, Dams | Terrorism | the Defense Industrial Base | Zero day exploit | Emergency Services, Energy, Financial Services | Big Data | Food and Agriculture | Stuxnet aanval | Government Facilities, Healthcare and Public Health, Information Technology, Transportation Systems, Water and Wastewater Systems and Nuclear Reactors, Adversary, Materials, and Waste | Advanced Persistent Threat | IT - OT | ICS/SCADA | Human error | proprietary | free software movement | open source movement | ubuntu developers | license agreement | Critical Infrastructure includes utilities like gas, water, electricity, oil, communication and finance - Financial - Multinationals - Intelligence - Telecom - Water - Nuclear - Energy - Harbour - Airport - Managed Service Providers - Health - Insurance - Information Diving - Identity Theft
Intelligence Agencies | Crypto Museum | Overview of intelligence and law-enforcement agencies
This page contains an non-exhaustive overview of the various intelligence and law-enforcement agencies in the world. If possible, a link to their website or to Wikipedia is provided. The list is by no means complete and is only intended as a placeholder for information about agencies that are of interest in relation to cryptography or to other subjects featured on this website.
Home » Research | IT vs OT | When Facing The Insider Threat | What Happend | Free Software vs Open Source
World's Biggest Data Breaches & Hacks Information is Beautiful
Select losses greater than 30,000 records
Last updated: 1st April 2020
Cisco » Securing IoT | IoT beveiligen
Fortinet » Solutions » Security » Securing Critical Infrastructure with Fortinet | Security Solutions for Industrial Control Systems
IBM » Security » Operational Technology | Operational technology security in the age of digital transformation |
SCADA and industrial control systems are increasingly vulnerable to cybersecurity attacks as they become more connected
NIST » Information Technology Laboratory » Computer Security Research Center » TOPICS » APPLICATIONS » industrial control systems ICS
Shodan » Industrial Control Systems On The Internet | ICS
International Electrotechnical Commission (IEC)
International Standards and Conformity Assessment for all electrical, electronic and related technologies
Technology Sectors » EMC explained | Electromagnetic Compatibility
Ubuntu » Ubuntu on public clouds | Ubuntu is the world’s most popular cloud operating system across public clouds
Home » Research | IT vs OT | When Facing The Insider Threat | What Happend | Free Software vs Open Source | ask me |
Microsoft » Europe » Industry » Retail » News » WINDOWS 2000 BEATS LINUX - Comparative test of Microsoft Windows 2000 and Linux as network operating systems | 22 januari 2001
Microsoft Business » Linux in Retail and Hospitality - What Every Retailer Should Know - White Paper - Microsoft Corporation | February 2001
Rod Dixon » Open Source Software Law | 2004
Eric S. Raymond » catb.org » Terminology Wars: A Web Content Analysis | 27 oktober 2004
Tweakers » nieuws » Veiligheidsfout Ubuntu onthult password | 13 maart 2006
Economides and Katsamakas: Two-Sided Competition of Proprietary vs. Open Source Management Science 52(7), pp. 1057–1071, © 2006 INFORMS
Tweakers » nieuws » Ubuntu plant 'ultravrije' distro | 13 april 2007
Google » support » accounts » Google Accounts Help » Does creating A Google Account give me a Gmail account? | 2004 - 2007
ZDNet » blogs » Education IT » Will the latest Ubuntu distro finally provide a mainstream Windows alternative? | 17 april 2007
ZDNet » blogs » Ubuntu 17.04 is linux voor dummies! | 17 april 2007
Tweakers » Nieuws » Software » Beschuit met muisjes voor Ubuntu 7.04 Feisty Fawn | 19 april 2007
Engineerings Online » Kennis » EMC/ESD » Wurth en Dare organiseren EMC-seminar | 29 januari 2008
D.A.R.E!! :: » learning center » nieuwsbrief » EMC-seminar Würth Elektronik en DARE!! groot succes | woensdag 6 maart 2008 | donderdag 7 maart 2008
Ars Technica » information technology » Free Software Foundation lawsuit at Cisco at first | 12 december 2008
Tweakers » nieuws » Cisco en FSF schikken rechtszaak over GPL | 23 mei 2009
Ars Technica » Gaming and Culture » It no longer does everything: no more Linux on Playstation 3 | 29 maart 2010
Electronic Frontier Foundation » Deep links » Sony Steals Feature From Your Playstation 3 | 30 maart 2010
Ars Technica » Gaming and Culture » Hacker vows to fight Sony's PS3 update, restore linux | 30 maart 2010
GOVCERT » Computer Emergency Response Team » Factsheet Stuxnet - een geavanceerde en gerichte aanval - versie 2.4 | 21 januari 2011
Webwereld » Nieuws » Business news » Waarom de GPL altijd wint van de commercie | 19 maart 2011
ICT recht » Nieuws en Blogs » Wanneer geldt de GPL bij opensource webapplicaties? | software | 5 april 2012
GNU » philosophy » Ubuntu Spyware: What to Do? | 7 december 2012
The Register » Stallman: Ubuntu spyware makes it JUST AS BAD as WINDOWS | 7 december 2012
Tweakers » nieuws » Een derde van aangetroffen kinderporno staat op Nederlandse servers | 9 april 2013
Globalsign Internet Group » en » blog » IT vs OT industrial internet | IT and OT - What's the difference? | 27 april 2016
Brian W. Kernighan » Princeton University Press » Understanding the Digital World: What You Need to Know about Computers, the Internet, Privacy, and Security. The basics of how computer hardware, software, and systems work, and the risks they create for our privacy and security | 9 januari 2017
NOS » NIEUWS » BUITENLAND » TECH » Waarschuwing voor industroyer het virus dat stroomnet kan platleggen | 12 juni 2017
Techzine » be » nieuws » security » gevaarlijke malware richt zich op platleggen stroomnetwerken | 12 juni 2017
Eset » news-room » IT-Beveiliger ESET ontdekt Industroyer, de gevaarlijkste malware gericht op industriele systemen sinds Stuxnet | 12 juni 2017 **
CBS » nieuws » Oplopende personeelstekort in vergrijzende industrie | 8 december 2017
NU » ECONOMIE » Personeelstekort in industrie wordt nijpender | 8 december 2017
RTL » NIEUWS » ECONOMIE » Industrie komt mensen tekort, groot deel personeel vergrijst | 8 december 2017
Emerge » Fortinet lanceert beveiligingsoplossingen voor de Operationele Technologie | Industry Wire | Geplaatst door Fortinet | donderdag 21 december 2017
Omroep Flevoland » Nieuws • Almere » Almeerse bedrijven tonen interesse in bouw Floriade-wijk | donderdag 28 december 2017
Automation » articles » 2018 » feature » For Many, Insiders Pose The Biggest Threat To Industrial Security | 3 juli 2018
Techzine » Goede IT security begint niet bij technology maar bij de mens | 2 oktober 2018
Tweakers » Nieuws » Nederlandse servers hosten meeste beelden van seksueel misbruik | 24-4-2019 *
Tweakers » Nieuws » Onderzoekers: zestig slecht beveiligde Nederlandse SCADA systemen op internet | 5 augustus 2019
Dutch IT Channel » AIVD betrokken bij Stuxnet-aanval op Iraanse nucleaire programma | 3 september 2019
Info Security Magazine » News » Dutch Insider deployed Stuxnet: report | 4 september 2019
ZDNet » article » free software advocate Richard Stallman spoke at Microsoft this week | 5 september 2019
Kennis Platform CROW » Gemeente Almere wint prijs voor meest duurzame mobiliteit | 28 december 2019 *
Mitre ATT&CK » MITRE RELEASES FRAMEWORK FOR CYBER ATTACKS ON INDUSTRIAL CONTROL SYSTEMS | 7 januari 2020
Techzine » be » nieuws » infrastructure » Cisco verenigt IT en OT in security-architectuur voor industriële IoT | 28 januari 2020
Techzine » be » nieuws » security » Cyberaanvallen op kritieke OT-infrastructuur nemen explosief toe | 12 februari 2020 *
Techzine » be » blogs » security » Cyberaanvallen verschuiven van IT naar OT Security moet ook mee | 9 maart 2020 *
Siemens » News » Operational Guidelines for Industrial Security |
Siemens has released an updated version 2.1 of the Operational Guidelines for Industrial Security. The guidelines provide recommendations for the secure operation of plant and machinery in industrial environments, including a 'Defense-in-Depth' security concept | Referenced in Siemens Security Advisories related with Siemens Industrial Products | 18 maart 2020
Botch companies like Siemens and ABB are big on the Dutch ICS market and are also key-players worldwide. For Siemens the real ICS Security wake-up call was Stuxnet. Stuxnet was malware developed to target ICS. Stuxnet was especially developed to target PLC’s and other ICS devices from Siemens at nuclear plants in Iran. After Stuxnet not only the ICS device designs were changed but also the way Siemens was working themselves. On all devices with an Ethernet connection there is the possibility to configure a firewall. But also when the firewall is available it is still the customer/end-user or system integrator who is responsible for the configuration. Although Stuxnet was a Siemens devices orient malware also ABB took action after Stuxnet.
To get more ICS Security awareness at the end-users and also at the system integrators, Siemens sets up ICS Security awareness courses. During this training, that is not specifically setup for Siemens devices, they also teach a little bit of forensics. The problem remains that for most users it has to be “plug and play”. They also have an ICS Security Awareness training for their own system integrators with a simulated model. Siemens also tries to inform their customers with product manuals and whitepapers. When looking at the industrial plants at this moment there is almost no knowledge on IT.
In 2006 the Dutch National Police started with The National High Tech Crime Unit (NHTCU). The NHTCU was initiated for complex digital cases where automated systems attack other automated systems, the social importance is high and the technology used by these criminal activities is complex. So the NHTCU is, although existing for almost eight years, a relative new come unit at the Dutch National Police. Cases that are handled by the NHTCU are, for example, complex banking frauds where new malware is used to do the fraud, hacking of important vital servers where social importance is high (companies, hospitals, banks, etc) and complex botnet infrastructures that are attacking Dutch computer systems. All above mentioned examples are attacks on “normal” computer infrastructures. A other segment about which was a lot to do sometime ago was the segment of Industrial Control Systems (ICS). Stuxnet was the most known catalyst for this. Where there is a lot of knowledge about the “normal” computer infrastructures, there is less knowledge about ICS at the NHTCU. Not only about the devices used like SCADA, PLC’s, SoftPLC’s, HMI’s,, Industrial Computers and Remote inputs and outputs but also about the way the companies manage these systems. So at this moment ICS and Police are two different worlds. The question what do we need to know as Police about these systems? https://fhi.nl/app/uploads/sites/37/2014/09/politie3.pdf
Recommended readings > Industrial Control System Security Awareness now-a-day and the role of law enforcement in it. “Are the bad guys already in?” Ton Maas A minor thesis submitted in part fulfillment of the degree of M.Sc. in Forensic Computing and Cyber Crime Investigation with the supervision of Prof. Dr. Mohand-Tahar Kechadi. School of Computer Science and Informatics. University College Dublin. 09 March 2015
Het oorspronkelijke doel van Stuxnet leek bedrijfsspionage. Wanneer een proces controlesysteem door Stuxnet is besmet is het echter eveneens mogelijk de besturing van industriële processen te beïnvloeden en te verstoren, waaronder de aansturing van apparatuur zoals pompen en motoren. Stuxnet is daarom te beschouwen als een uiterst serieus te nemen waarschuwing ten aanzien van de uitbuiting van de kwetsbaarheid van proces controlesystemen. Nationale trendrapport cybercrime en digitale veiligheid 2010 - overheid
NCTV » actueel » nieuws » Reactie NCTV op sabotage en brandstichting zendmasten Nederland | 10 april 2020
Autism and the technical security industry | 2017 | CREST