ICS Security News

We covered the big stories of the week, Siemens announcement, Flame and the NY Times article in earlier entries. Here is what else happened.

Emerson DeltaV vulnerabilities made an ICS-CERT Alert this week. This is noteworthy because DeltaV is not some free demo software used in low value targets. It is one of the most important DCS in the critical infrastructure. You rarely see vulnerabilities published in DeltaV because it is a closed system, Emerson provides it all, and it is very expensive so researchers can’t get access without signing NDA’s. The multiple vulnerabilities, found by Kuang-Chun Hung, can be exploited remotely. Kuang-Chun worked with the CERT’s and Emerson, and a hotfix is available to address these vulnerabilities.

Paul Roberts of Threatpost has a helpful summary article on ICS-CERT’s Cyber Intrusion Mitigation Strategies document that came out last Friday. Anything that shines a light on better detection and forensics is worthwhile at this point. It still is the infancy stage in the ICS community.

Tweet of the Week

[blackbirdpie id=”207173739614441472″]

Don’t forget to subscribe to this blog RSS feed and follow @digitalbond.com on twitter.

Worth Reading Articles

Critical Intelligence’s ICS Security Event Calendar Updates

Critical Intelligence provides reports and other information products on  Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by Ivy Dawned