
CRS Reports – Cybersecurity – Week of 1-14-23 – CRS looks at forming a Bureau of Cyber Statistics in CISA – tinyurl.com/3uky947c

Review - Public ICS Disclosures – Week of 1-14-23 – 12 vendor disclosures from Campbell Scientific, Contec, HIMA, HP, Medtronic, and Wireshark (7) – 2 researcher reports for products from Mitsubishi and GE – Short version - tinyurl.com/mr2uawbh

Public ICS Disclosures – Week of 1-14-23 – 12 vendor disclosures from Campbell Scientific, Contec, HIMA, HP, Medtronic, and Wireshark (7) – 2 researcher reports for products from Mitsubishi and GE - tinyurl.com/286vxm53 Subscription required

CFSN Detailed Analysis - Substack Daily Update – 1-19-23 – Free Content – tinyurl.com/ye26peae

Waste Transfer Explosion – An explosion in Kentucky was a reaction in a waste transport vehicle between two different waste streams – tinyurl.com/4bcjsppf

Short Takes – 1-19-23 – Good cholesterol – Vulnerability management – GOP players in 118th – Substation security rules - tinyurl.com/3c7ejvzj

Review - 1 Advisory Published – 1-19-23 – NCCIC-ICS control system security advisory for products from Hitachi Energy – Short version – tinyurl.com/2p9j4p7p

1 Advisory Published – 1-19-23 – NCCIC-ICS control system security advisory for products from Hitachi Energy – A brief look-back at OpenSSL 3.0 – tinyurl.com/2a6sjxsk Subscription required

CISA Updates CFATS 15th Anniversary Page – 1-18-23 – Three new videos added to the list - tinyurl.com/y24tpkc4

Review - HR 162 Introduced – Digital Reserve Corps – NDRC would be established in GSA – Identical language was offered as HR 4818 in 117th Congress – Short version - tinyurl.com/8ur5aerz

HR 162 Introduced – Digital Reserve Corps – NDRC would be established in GSA – Identical language was offered as HR 4818 in 117th Congress – tinyurl.com/5dnjuazy

CFSN Detailed Analysis - Substack Daily Update – 1-18-23 – Free Content – tinyurl.com/yc3t7627

Short Takes – 1-18-23 – Ionic cooling – New cybersecurity regulations – Jackson, MS water problems continue – tinyurl.com/ynuhears

Review - OCS Updates CFATS FAQ Response – 1-18-23 – FAQ response updated for inflation adjustment rule – Short version – tinyurl.com/44bmdhnz

I don't often just rant at the void much anymore, but here's one that really gets me...

The fact that you are a Big Company and Powerful will not save you from a cybersecurity incident.

The fact that you can put pressure on your cybersecurity contracting and consulting companies through $$$ does not change the fact that you might need their actual real life assistance someday.

I consistently see some very powerful, large companies buying contracts across the industry and using their weight and brand power to try to skip things like retainer on-boarding, critical document sharing, and preparatory exercises.

Oh. My. Sweet. And Fuzzy. Lord.

I understand that you are very busy. I understand that it is hard to get everybody on a call, and find the right documentation. I understand there are lawyers and bureaucracy that make it more difficult to share certain materials. I understand you're getting a retainer because your insurer or regulator says to.

This changes nothing. If you really need to call an incident response / digital forensics consultant (and you probably will), they're going to need that information and preparation. No amount of money in the world will be able to magic away necessary prep work. No amount of money thrown at the compromise will make it go away without work - unless you intend to replace your entire domain and computer network (also a lot of work). Your insurer will not fix it. Your brand will not fix it.

The requirements your legitimate retainer company put forth exist for a reason. They are not to steal our money or retainer hours. They are to make sure that an entirely unrelated team to your operations and technology will be able to walk in during a crisis and meaningfully assist without days of ramp up time. We need context to be able to do that. Network maps. Response plans. System and facility access directions. Understanding of your organization and comms plan.

That can't be wished away with money. Anyone, absolutely anybody legitimate in DFIR on planet Earth will need that information. If we don't get it ahead of time, we will be getting it on expensive hour burn before we can actually start to put out a fire.

That's all I have to say about that.

#cybersecurity #infosec #databreach

OCS Updates CFATS FAQ Response – 1-18-23 – FAQ response updated for inflation adjustment rule – Down the Rabbit Hole look at policy changes that were not made – tinyurl.com/wf5hzw9t Subscription required

CFSN Detailed Analysis - Substack Daily Update – 1-17-23 – Free Content – tinyurl.com/bdfwz2jd

Short Takes – 1-17-23 – Return to the Moon – Great powers – Intrinsic safety – Oxygen pipeline – S&T Research - tinyurl.com/y7m3r8n3

Review - CFATS Regulation Changes – COI Changes – There is every indication that CISA intends to update their CFATS regulations – A look at some potential changes – Short version – tinyurl.com/yfnrhehm

CFATS Regulation Changes – COI Changes – There is every indication that CISA intends to update their CFATS regulations – A look at some potential COI changes – tinyurl.com/2fmvt2wv Subscription required

Qoto Mastodon