Thursday, January 2, 2014

2014 -- And What It Brings...

Happy New Year!  Welcome to 2014 and all the opportunities it brings!

Wow, 2013 has flown by!  For this year I will continue to focus this Blog on Critical Infrastructure issues and augment it with some discussions focused on some of the key questions and topics I think will affect all of us this year.

So, for a “bulletized” recap of the topical areas I’ll ponder please consider the following:

·         Critical Infrastructure Protection
o   What will happen with the NIST Cybersecurity Framework?
o   What news and events will surface for the 16 critical infrastructure areas designated by PDD-21?

o   How will the electric industry react to the new NERC CIP Version 5 mandates? And the NIST Cybersecurity Framework?

·         Industrial Controls Systems Security
o   This is a continuation of the areas reviewed last year including the SANS Global Industrial Cyber Security Professional (GICSP) certification activities and new ICS-security emphasis from other cyber-security agencies outside of the US ICS-CERT and even overseas with ENISA, etc.

·         Supply Chain Security
o   I find this a fascinating topic that is finally getting to the front pages of many business journals
o   Again, I will be examining ideas for both physical and cyber protection as well as new legislation impacting cyber defense and threat mitigation

·         Cyberwar
o   This area is particularly intriguing with continued stories about nation-state attacks and defenses
o   Added discussions about “hack-back” and “Active Defense” will be included

·         Cyber Risk Issues and Psychology of Security/Risk
o   The annual meeting in Davos for the WorldEconomic Forum surfaces some very interesting discussions about threats to the digital economy that are not part of the mainstream IT press

So, this should be an interesting year and one that keeps us all busy.  Overall, though, my objectives for this Blog are to a) educate, b) entertain and c) make you think about today’s new challenges to our security and critical infrastructure resilience.

Lastly, I’ll also be busy with Twitter forwarding news items that follow the themes above.  Feel free to follow me @ErnieHayden

I look forward to your comments, ideas and feedback and if you hear of some news items that fit into my list above, I’d love to hear about it at

Happy New Year and all the best!