Securing critical industrial infrastructure systems in manufacturing, distribution and product-handling environments is a major challenge. The main reason we haven’t seen a spectacular attack on one these systems is because it’s hard to pull off. But organizations in oil and gas, chemicals, utilities and a whole host of other industries need to take steps to protect their critical infrastructure, lest they fall victim to an attack by a nation-state, hacktivists or even insiders, according to a panel of security experts who spoke during the (ISC)2 Congress 2018, taking place this week in New Orleans. The panel was moderated by James McQuiggan, president of (ISC)2 Central Florida Chapter, and product and solutions security officer for Siemens Gamesa Renewable Energy. Industrial Control Systems

Securing critical industrial infrastructure systems in manufacturing, distribution and product-handling environments is a major challenge. The main reason we haven’t seen a spectacular attack on one these systems is because it’s hard to pull off. But organizations in oil and gas, chemicals, utilities and a whole host of other industries need to take steps to protect their critical infrastructure, lest they fall victim to an attack by a nation-state, hacktivists or even insiders, according to a panel of security experts who spoke during the (ISC)2 Congress 2018, taking place this week in New Orleans. The panel was moderated by James McQuiggan, president of (ISC)2 Central Florida Chapter, and product and solutions security officer for Siemens Gamesa Renewable Energy. Industrial Control Systems

Since humans are the number one target for cyber attacks, organizations need to implement strategies that teach users how to identify and avoid risks. Security awareness may well be the most important role of cybersecurity teams. That was the message delivered by Theresa Frommel, acting deputy CISO for the State of Missouri, at a breakout session of the (ISC)2’s Congress 2018, taking place this week in New Orleans. Repeating a suggestion from an attendee at her session, Frommel said it makes sense that users need to be “patched,” much like software systems have to be patched regularly to remove security vulnerabilities. Humans are the primary target for several reasons, including thinking too fast, causing us to make mistakes such as

Since humans are the number one target for cyber attacks, organizations need to implement strategies that teach users how to identify and avoid risks. Security awareness may well be the most important role of cybersecurity teams. That was the message delivered by Theresa Frommel, acting deputy CISO for the State of Missouri, at a breakout session of the (ISC)2’s Congress 2018, taking place this week in New Orleans. Repeating a suggestion from an attendee at her session, Frommel said it makes sense that users need to be “patched,” much like software systems have to be patched regularly to remove security vulnerabilities. Humans are the primary target for several reasons, including thinking too fast, causing us to make mistakes such as

The cybersecurity workforce skills gap is hampering the nation’s ability to combat cyber threats that target our way of life, economy and national security interests, according to U.S. Rep. Cedric Richmond (D-LA), who serves on the House Committee on Homeland Security. Delivering the first keynote at the 2018 (ISC)2 Security Congress, taking place this week in New Orleans, the Congressman said more work is needed at the federal, state and local levels, as well as in the private sector, to address the problem of cybersecurity and the skills gap. “We need a robust cybersecurity workforce,” Richmond said, citing a government estimate that 350,000 cybersecurity positions currently are unfilled. Addressing the problem will require a rethinking of how to train security professionals