The Cybersecurity Act of 2012, S 3414, died in the Senate this week, although they could try again after the recess. No great loss. It wasn’t going to pass the House, and it wouldn’t have made a difference in ICS security.
Jeffrey Carr over on the Digital Dao blog reports that Kaspersky is developing its own operating system for use in industrial control systems. Would any non-Russian companies trust this OS? Before the angry comments come in, yes, the same could be said of any Chinese vendor, US vendor, German vendor, Israeli vendor, especially after Stuxnet.
Industrial Defender announced another partnership, this time with Elster and specifically Elster’s AMI offering. This is in addition to ABB, GE and Itron that were announced over the last couple of years. These types of partnerships can range from a marketing blip to a company like ID being the go-to resource whenever security is mentioned. The easiest way to judge in this case would be head count. If even two of those four vendors are using ID as the main cyber security resource, it would require serious growth, in the tens if not low hundreds of consultants and engineers.
CBS News has a report on the ineffectiveness of CFATS. According to the report, there has not been an inspection of a single chemical plant yet and not even one approved site security plan. Waiting for Patrick Coyle’s comments on this.
Waterfall’s Unidirectional Gateway received Common Criteria EAL4+ certification. The release does not specify what Protection Profile or Security Target was tested, but achieving this certification demonstrates that it was “Methodically Designed, Tested and Reviewed”. The EAL certification tends to be more important in Europe and other regions of the world than in North America.
Advance notice of a future Worth Reading item: the Tallinn Manual – Manual on International Law Applicable to Cyber Warfare.
And finally the power failures in India are obviously a huge story that will likely be used in a variety of SCADA security presentations as a potential consequence scenario.

Worth Reading Articles
- SCADASEC introduces Project SHINE
- ICS-CERT Monthly Monitor, June-July Edition
Critical Intelligence’s ICS Security Event Calendar Updates
- Smart Grid Security Virtual Summit, Aug 9
- DHS/INL Cybersecurity Training for ICS, Aug 7-9 in Indianapolis, Indiana
- Cyber Security for Chemical Industry, Sept 27-28 in Houston, Texas
- EU-US Open Workshop on Cyber Security of ICS and Smart Grids, Oct 15 in Amsterdam, Netherlands
- GridSec Summit 2012, Oct 22-24 in San Francisco, California
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.