United States Cybersecurity Magazine

LOGIN
SUBSCRIBE TODAY!
Menu
ProcessBolt

Topic: Engineering and Vulnerability Management

From the Spring 2019 Issue

QKD versus PQC: A Quantum Showdown? Part 2

Author(s):

Hilary MacMillan, EVP for Engineering, CyLogic

QKD versus RQC

This is part two of a two-part article on secure key distribution in a post-quantum world.  Part one focused on Quantum Key Distribution (QKD) as a method to securely distribute encryption keys.  This article will focus on Post-Quantum Cryptography (PQC), which seeks new quantum-resistant (i.e., hypothesized, but can’t be proven, to be secure against) cryptographic … Read more

From the Spring 2019 Issue

Programmable Networking: Solving the Security Challenges facing SD-WAN

Author(s):

Edward J. Wood, ,

programmable-network-header

Enterprises are moving their communications to the internet. Private networks are costly, inflexible, and do not easily enable the digital transformation of their businesses. However, over the last couple of years, we have seen a plethora of SD-WAN technologies come to market. Safe to say, SD-WAN adoption has accelerated. Unfortunately, SD-WAN has a number of … Read more

From the Winter 2019 Issue

Free Isn’t Always Best– It should come with a Big Caution Sign

Author(s):

MG (Ret) Quantock, , United States Army (Ret)

Quantock-feature-image-wn19

The free mapping in your phone is a powerful tool. And while it’s not designed to fire an artillery shell on a precision target, the app has all the basic features you need. So, why doesn’t the U.S. military ditch its expensive firing systems for free solutions? Because, while free products often have the features … Read more

From the Winter 2019 Issue

Cybersecurity and Critical Infrastructure: A Growing Sense of Urgency – Part 1

Author(s):

Audie Hittle, Chief Innovation Officer , Mystek Systems, Inc.

AudieHittle-feature-image-wn19

This two-part article examines risks and implications related to securing American critical infrastructure. Part I examines the historical framework and the current state of critical infrastructure protection. Part II discusses ways threat responses can be improved. What happens if one day you awake and discover the power had gone off during the night? You may … Read more

From the Winter 2019 Issue

QKD versus PQC: A Quantum Showdown? Part 1

Author(s):

Hilary MacMillan, EVP for Engineering, CyLogic

HilaryMacMilan-feature-wn19

The need for communications confidentiality has existed since humans developed language. Accounts of the Greco-Persian wars in fifth century B.C. described steganography, (hiding the existence of a message). Cryptography, on the other hand, hides a message’s meaning. The cryptographic task of encryption enables a sender to “scramble” a message’s content, rendering it unreadable to anyone … Read more

From the Winter 2019 Issue

Evaluating the Operational Technology Environment: Improving DHSs Cybersecurity Evaluation Tool (CSET)

Author(s):

Henry J. Sienkiewicz, Author,

HenrySienkiewicz-feature-image-wn19

Servers, laptops, mobile devices, routers, industrial control systems, fire control systems, elevator operations, are the connected technology components of modern life that perform particular functions, offer ease of use, and that represent risks and vulnerabilities to an organization’s cyber environment. The cyber environment is tied to physical devices, including networking equipment, intrusion detection systems, data … Read more

Blockchain Meets Cybersecurity

Author(s):

Zehra Ali, ,

Blockchain abstract, blue chain links

Where Blockchain Meets Cybersecurity Blockchain technology is a powerful public ledger that records every “block” of data as it moves across many computers. Businesses of all types and sizes have to deal with a lot of information on a daily basis. Data is usually an extremely valuable asset for their operations. But keeping it safe … Read more

Microsegmentation and a Zero-Trust Network

Author(s):

Caleb Townsend, Staff Writer, United States Cybersecurity Magazine

Server room, Microsegmentation in a zero-trust system

We are currently in an unfortunate situation where universally, every business model predicates itself around connectivity. In fact, to be on the edge of innovation is to connect, to everything, before anyone else connects. With each new development, security suffers immediately. The incredulity that is always met with a new Facebook data breach is going … Read more

From the Fall 2018 Issue

40% Of Breaches are Related to Credit Card Data: Is Payment Software Secure?

Author(s):

Kelvin O. Medina, Principal Security Consultant, Trustwave

credit-card-data-security-86491586

Forty percent of the data breaches for 2017 were reported as involving credit card data, according to the 2018 Trustwave Global Security Report.1 The data breaches analyzed used attacks such as phishing/social engineering, malicious insiders, and misconfigurations. This is illustrated below in Figure 1: Methods of Compromise2. Those numbers likely do not include hundreds of … Read more

From the Fall 2018 Issue

Zero Days and Zero Trust: Microsegmentation and Security in a World of Many

Author(s):

Jack Koons, Author,

koons-article-header

In a world where the business model is racing to connect everything, security is failing to keep pace. This sets up a dynamic tension within the organization between the network/infrastructure teams and the security teams. We are placing the current crop of CIO, CISO, and CTOs in an almost untenable position, and levying unrealistic requirements … Read more