Industry Solutions and Tivoli
By now you have probably heard that Ounce Labs was acquired by the Rational software division as part of IBM's cyber security solution build-out. This is great technology to insure software development and existing software is not the weakest link in the chain in our smarter planet projects.
For example, let's consider the 1,2,3's of how Ounce can help us in our work to secure the smart grid:
1) One of the key components of the Smart Grid is software
2) 99% of the software that powers energy-related applications and devices has been written with no attention to secure coding principles; hence, it is quite susceptible to attack
3) IBM/Ounce tools quickly scan large amounts of software to identify and help fix the most severe vulnerabilities in software
DavidBBartlett 0600017MDJ Tags:  virtulization security cloud 2.0 web computing cyber 3,125 Views
Today, at the RSA Conference, IBM announced new security products and services, in response to recent studies from the IBM X-Force security research group revealing that criminal organizations around the globe are developing new attack techniques with alarming speed.
Today’s WSJ reported cyber attacks in the pentagon’s $300B Joint Strike Fighter project and the Air Force’s air traffic control system. The F35 Lightning II fighter program reportedly lost several TB of data (1 terabyte (TB) equals 1000000000000 bytes )related to design and electronics systems used for defense of the plane.
Today’s engineering projects are increasingly deploying more collaborative business models to drive innovation and cycle time. They take advantage of new infrastructures like cloud computing, virtualization and Web 2.0 which provide great advantage but also introduce new risk.
Hannaford, the large grocery chain based in Maine(where we often shop) had 4,200,000 credit card numbersintercepted as they were being transmitted last month from store point-of-sale systems to their payments systems. The credit and debit numbers were intercepted and then transmitted in batches to a location overseas.
Hannaford claims to be PCI(Payment Card security standard) compliant, although, that has not been independently validated. For sure, PCI is critically important and goes a long way to protect card details but to insure protection of transit and payment systems, where hackers apparently are now focusing, you have to go beyond PCI! To Hannaford's credit they are now doing just that!
I was with a number of large banks in a financial security conference in Milan, Italy this month to study this issue. Our Tivoli architects have teamed with IBM ISS (internet security) to cover the 12 major areas of PCI compliance. More importantly we have products that go beyond PCI to provide more holistic protection. We are also developing this capability with companies such as ACI that providebanking applications.
After all, a supermarket 'chain' is only as strong as its weakest link, and it only takes one unmonitored port, for example, to destroy the credibility and trust of an enterprise.[Read More]