TechNet
Products
IT Resources
Downloads
Training
Support
Products
Windows
Windows Server
System Center
Internet Explorer
Office
Office 365
Exchange Server
SQL Server
SharePoint Products
Lync
See all products »
Resources
Curah! curation service
Evaluation Center
Learning Resources
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Script Center
Server and Tools Blogs
TechNet Blogs
TechNet Flash Newsletter
TechNet Gallery
TechNet Library
TechNet Magazine
TechNet Subscriptions
TechNet Video
TechNet Wiki
Windows Sysinternals
Virtual Labs
Solutions
Networking
Cloud and Datacenter
Security
Virtualization
Updates
Service Packs
Security Bulletins
Microsoft Update
Trials
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Related Sites
Microsoft Download Center
TechNet Evaluation Center
Drivers
Windows Sysinternals
TechNet Gallery
Training
Training Catalog
Class Locator
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
e-Learning overview
Certifications
Certification overview
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Other resources
TechNet Events
Second shot for certification
Born To Learn blog
Find technical communities in your area
Support options
For small and midsize businesses
For enterprises
For developers
For IT professionals
From partners
For technical support
Support offerings
For home users
More support
Microsoft Premier Online
Microsoft Fix It Center
TechNet Forums
MSDN Forums
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Sign in
Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - lets share interesting security information
Tags
Advisory
Anti-Malware
Applications
Architecture
Associations
Behaviour
Blog
botnet
Browsing
Chief Security Advisor
Children
Cloud
Cloud Computing
Collaboration
Competition
Compliance
Consumer
cost
Crime
Critical Infrastructure
Critical Infrastructure Protection
cybercrime
Cybersecurity Agenda
Data Protection
Development Lifecycle
Ecosystem
encryption
Event
Events/Training
Family
Freedom of Speech
Fun
Gaming
Government
Hacking
Home
Identity
Identity Theft
Incident Response
Incident Sharing
Incidents
Industry
Industry Associations
Internet Explorer
Interoperability
Law Enforcement
Legislation
Lifecycle
malware
Mass Mailer
Messaging
Microsoft
Microsoft products
Mindset
Mobile
Network
NGO
Online Safety
OpenSource
Passwrods
patch management
People
Phone
Piracy
Policies
Policy
Policy Makers
politics
Privacy
Processes
Products
protection
Real Life
risk assessment
risk management
Securing My Infrastructure
Security
Security Intelligence Report
Security Updates
Social Engineering
social media
Strategy
support
TechEd EMEA
TechEd-ITForum
Technology
Teens
Terrorism
trends
Trip
Trust
Trustworthy Computing
UN
University
Updates
Vulnerabilities
Windows
Windows Phone
worm
XBOX
Browse by Tags
TechNet Blogs
»
Roger's Security Blog
»
All Tags
»
critical infrastructure
Related Posts
Blog Post:
10 Years of Trustworthy Computing at Microsoft
rhalbheer
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this...
on
12 Jan 2012
Blog Post:
Cyber Security: The Road Ahead
rhalbheer
This paper by the Geneva Centre for the Democratic Control of Armed Forces (DCAF) was just brought to my attention. A piece of work, which is definitely worth working through. It lays out the problem space and then does a deep dive into the different sections: Governments Legislative Bodies The Armed...
on
14 Apr 2011
Blog Post:
How to Build a CERT
rhalbheer
Often, when governments look into Critical Infrastructure Protection, they start to build a CERT (Computer Emergency Response Team) or a CSIRT (Computer Security and Incident Response Team). The questions then always comes up: How do you do that? ENISA (European Network and Information Security Agency...
on
21 Jan 2011
Blog Post:
Stuxnet talks – do we listen?
rhalbheer
Stuxnet is a severe threat – that’s something we know for sure. But if we look at it – what do we really know? What can we learn? Let’s start from the beginning. As soon as Stuxnet hit the news, it was interesting to see, what was happening. There was a ton of speculation out there about the source and...
on
12 Oct 2010
Blog Post:
Publishing Secret or Sensitive Information
rhalbheer
With a lot of interest I followed the media on the latest Wikileaks’ publication of sensitive documents from the US Government. At least here in Europe, there is a huge debate whether this publication is really problematic for the United States. A discussion I do not want to comment here, as I am not...
on
30 Nov 2010
Blog Post:
Mutual Authentication in Real Life–Launching a Nuclear Missile…
rhalbheer
A few years ago, I wanted to run an exercise with our incident response team in Switzerland. A customer, the government and me came together to develop the goals and the scenario. One of the key question we tried to answer together with the university, which we wanted to use as observers was, whether...
on
30 Mar 2011
Blog Post:
Keep all your software updated and current
rhalbheer
I know that I keep going and going on that. When I talk to customers and mainly to providers of the critical infrastructure about security, one of the key things to me is to keep the software updated. It is about patching and it is about staying on the latest version of your software. To me, today Windows...
on
13 Apr 2012
Blog Post:
Internet Surprisingly Stable in Japan
rhalbheer
My manager was on the Tokyo airport, when the earthquake started. We had a chat yesterday about this – he is back home in the meantime – and he told me that he was very surprised that, while the phone network broke Internet still worked and he was able to call his wife immediately after the first shock...
on
15 Mar 2011
Blog Post:
Council of Europe Octopus Conference- Some Thoughts
rhalbheer
l am still sitting in the parliament room of the Council of Europe at the celebration event for the Budapest Convention. It was another very good event advancing the challenges fighting Cybercrime. Let me try to summarize a few thoughts: The Budapest Convention is probably the best convention out there...
on
23 Nov 2011
Blog Post:
Stuxnet: Future of warfare? Or just lax security?
rhalbheer
What is your view?: Stuxnet: Future of warfare? Or just lax security? Roger
on
27 Sep 2010
Blog Post:
Cybersecurity–More than a good headline
rhalbheer
A lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiative. What often concerns me is, that the last real headline has more impact on the strategy and the themes to be addressed than a structure or a plan or a strategy. This made us thinking...
on
27 Oct 2011
Blog Post:
Targeted Attacks: The Biggest Risk in 2011?
rhalbheer
Since quite a while, I am saying that targeted attacks are the risks, which really keep me up at night. BBC just posted a similar article: Cyber-sabotage and espionage top 2011 security fears I think that this is a real issue and very hard to fight! Roger
on
3 Jan 2011