Category Archives: cybersecurity

Lisa Dundon October Marks National Cybersecurity Awareness Month 2014

In this day and age, nearly every aspect of our lives has become digital. Even when we’re not directly connected to the Internet, our critical infrastructure — the vast, worldwide connection of computers, data and websites supporting financial transactions, transportation systems, healthcare records, emergency response systems, personal communications and more — is and it impacts us all.

National Cybersecurity Awareness Month (NCSAM) – celebrated each October – was created to help engage and educate public and private sectors about the importance of staying safe online through special events and initiatives. Since its inception 11 years ago, NCSAM has grown exponentially, and information about online safety continues to adapt to the changing threats that exist, reaching consumers, small and medium-size businesses, corporations, educational institutions and people across the nation.

banner 300x250 October Marks National Cybersecurity Awareness Month 2014

According to the National Cybersecurity Alliance (NCSA), securing cyberspace, including the devices and networks we use, is a shared responsibility. Individual actions have a collective impact and using the Internet safely makes it more secure for everyone. If each person does their part by implementing stronger security practices, raising community awareness, educating family and friends, and training employees, our digital society will be safer and more resistant from cyber-attacks.

This year, each week of NCSAM has a theme to help focus on core issues:

  • Week 1 (October 1-3) – Stop. Think. Connect.
  • Week 2 (October 6-10) – Secure Development of IT Products
  • Week 3 (October 13-14) – Critical Infrastructure and The Internet
  • Week 4 (October 20-24) – Cybersecurity for Small- and Medium-Sized Businesses and Entrepreneurs
  • Week 5 (October 27-31) – Cybercrime and Law Enforcement

AGA will once-again be an active participant of NCSAM by posting blog articles related to the weekly themes, as well as daily content on our Facebook and Twitter pages using the official hashtag, #NCSAM. Let us know how your organization is informing utility customers about how to stay safe online in the comments section below. AGA will feature your efforts on our blog and social media accounts.

Posted in cybersecurity, education, events, safety, technology | Leave a comment

Lisa Dundon National Cybersecurity Awareness Month: Creating Strong Passwords

*AGA’s Director of Information Technology Nate Craft co-authored this article.

The internet is part of nearly every aspect of our lives from the home to work to play. With the swipe of a tablet or smartphone, you can manage your bank account, pay your bills, communicate with colleagues, friends and family around the world, and store and access information from virtually anywhere. However, it also means that our personal information is at a greater risk of being compromised than ever before – making cybersecurity one of our nation’s top priorities.

ncsam10 logo 300x85 National Cybersecurity Awareness Month: Creating Strong PasswordsNational Cyber Security Awareness Month (NCSAM) – celebrated every October – was created as a collaborative effort between government and industry officials to educate the public and private sectors through special events and initiatives. Since its inception 10 years ago, NCSAM has grown exponentially, and information about protecting ourselves online continues to reach consumers, small and medium-size businesses, corporations, educational institutions and people across the nation.

So how do we protect ourselves from cyberattacks? The National Cybersecurity Alliance says everyone has a role in securing their part of cyberspace, including the devices and networks they use, starting with strong username and password combinations. Until a more secure method of authentication is conceived there are certain best practices you can utilize when creating a password to better secure your online accounts.

These best practices include:

  •  Use numbers and special characters in passwords: A common technique for “cracking” a password is known as a brute force attack in which a file containing a large list of common words is used to attempt to guess a password. By adding numbers and special characters to your password it will become more difficult to compromise your password via a brute force attack.
  • The longer the password the better: Longer passwords take longer to “crack” because they have more characters and are therefore more difficult to guess.  Most websites require a minimum password length of eight characters, but it is good idea to use a longer password. For example, a 12 character password is twice as strong as an eight character password.
  • Use a different password for every site: Using a different password for each site that you have an account on will ensure that if your password is compromised on one site it is not compromised on all the other sites for which you have accounts.
  • Use a password management application: There are several applications available that can store and maintain your passwords for you. These applications make use of modern cryptography in order to securely store your password in an encrypted file. Instead of remembering 20 passwords you only need to remember one password to unlock your password file.

As part of the month-long initiative, AGA will be posting weekly blog articles about cybersecurity topics, as well as daily content on our Facebook page and Twitter handle using hashtag #NCSAM. Let us know how your organization is informing utility customers about how to stay safe online in the comments section below. AGA will feature your efforts on our blog and social media accounts.

Posted in cybersecurity, energy, people, safety, technology | Comments Off

Jim Linn Protecting Your Personal Items from Cyber Attacks

AGA wraps up National Cyber Security Awareness Month with a guest blog post by Jim Linn, Managing Director, Information Technology

I have been fortunate to work in the information technology field since the early 1980s. Back then, the world was a much different place with far less emphasis placed on cybersecurity. Frankly, not all computer systems, databases and networks required user IDs and passwords. Not every employee had access to a work computer and few people had computers at home. Not only was there no such thing as a smart phone, but we didn’t have cell phones. Today, most people run a home network of devices connected to the internet, including computers, TVs, gaming devices, tablets and smart phones, which provide endless entry points for cyberhackers to compromise system integrity and ultimately, your personal data.

The landscape of cybersecurity continues to change, so it is important to recognize that you won’t be able to block every intrusion out there. But you can help to minimize these harmful opportunities with multiple tips and resources. Here are some of my recommendations for protecting and securing your personal technology to get you started:

Home Internet Access

Make sure your home wireless router is password protected. Another solid recommendation is to hide your wireless network or Service Set Identifier (SSID) which makes it far more difficult for cyberhackers to find. The longer it takes to find, the longer it takes to compromise.

Anti-Virus Software

Install the latest anti-virus software on all home computers. If cost is a concern, there are quality anti-virus programs available at no cost. It is important to prevent viruses and any sort of malware, which can do anything from export all of your personal data to erase your entire hard drive, from being installed on your computer.

Back It Up

External USB-attached hard drives are great backup devices and the cost for these has dropped significantly. In addition, there are some services that provide online-based computer backup. If you have data on your computer that you can’t afford to lose, such as important work, music, digital photographs, etc. you need to back it up.

Email

One of the most widely used email scams in recent times is spear-phishing. Perpetrators use email addresses that look like the address of a person or an organization you know. All they need is for you to open the attachment or click the link and your computer may become compromised and/or infected. Take care to look closely at the email addresses of incoming mail and at the message itself. Be wary of communication that asks for immediate action, offers prizes or asks for personal information. Take the time to investigate anything that does not look correct before opening the attachment or clicking the link.

Cell Phones and Smart Phones

Phones continue to house more and more personal information. Setup a strong passcode to lock your phone or handheld device so that if it is lost or stolen it cannot be accessed.

These are just some of the many ways you can help to reduce the risk of a personal cybersecurity attack. For additional tips and resources on how to protect yourself, your family and your devices online, visit staysafonline.org – powered by the National Cyber Security Alliance.

Although National Cyber Security Awareness Month has come to a close, cybersecurity remains a top priority at AGA year round. Stay connected with AGA for continuous coverage of cybersecurity topics and content on AGA’s website and blog, and through our Facebook and Twitter accounts.

Posted in cybersecurity, people, safety, technology | 3 Comments

Lisa Dundon AGA: Intrusion Detection More Feasible Than Cybersecurity Prevention

Maintaining the security of our nation’s cyber networks is vital to protecting the country’s natural gas infrastructure. Online threats continue to change, thus our industry must remain active, engaged and vigilant. Whether we’re discussing the 2.4 million miles of natural gas pipeline or the cyber networks that help our businesses to operate, safety is the number one priority for AGA and our more than 200 utility members.

U.S. Homeland Security Logo AGA: Intrusion Detection More Feasible Than Cybersecurity PreventionRecognizing the ever changing cybersecurity landscape, it’s important to accept that you won’t be able to block every intrusion out there. It is critical that resources are dedicated towards both detecting an intrusion and limiting the ability of a cyber attacker to transverse the organization’s network.  Many of our members are working with the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), part of the U.S. Department of Homeland Security, to accomplish this goal.

“A robust cybersecurity program has detection as a priority,” says AGA Director of Engineering Services Kimberly Denbow. “With a solid detection program, the operator increases the chances of slowing down the assault or stopping it before any critical functions or information is compromised.”

This layered approach, known as the “defense in depth” strategy is used by operators to protect control systems. Think of this as multiple doors an intruder would need to go through in order to access the inside of a closet in your home. Each door is rigged with a sensor or some type of detection mechanism. If the intruder made it into your house and to the closet, the chances of actually getting to your possessions inside the closet are significantly decreased because of the delays caused by the “layers,” or doors, and sensors that would be highlighted at each point.

It is important that companies continuously update and adapt their action plans in order to prepare for and detect potential cybersecurity attacks. Only through an environment that fosters increased operator awareness of cyber attacks and intrusion activities, increased information sharing, and increased training, can operators deploy customized cybersecurity platforms and mechanisms most suitable in a time-sensitive setting for their individual and distinct operational criteria. Government – private partnerships are critical to this end, and AGA is committed to these efforts and helping our membership reduce the risk of cybersecurity attacks that could significantly affect their businesses and the nation’s energy infrastructure.

Posted in cybersecurity, Natural Gas, people, safety, technology | 13 Comments