SCADA Security News

The US Securities and Exchange Commission (SEC) is starting to crack down on cyber incident and cyber risk disclosures. They recently sent letters to six companies, including Eastman Chemical, asking for more information. This is the type of activity that gets C-level attention because they are responsible for SEC disclosures.

Justin W. Clarke found another backdoor account in ICS network infrastructure equipment, this time in the GarrettCom Management Software. It appears to require login with an established account before the administrative-level account with a hard-coded password can be used. A patch from the vendor is available.

INL announced their Sophia Tool that identifies new communication on the network. It trains to learn what communication is normal and then alerts when a new source/destination/port combination occurs. The concept is good because SCADA and DCS communication is static compared to a corporate network. It’s not particularly novel as Tenable’s Security Center, WhatsUp Gold’s FlowPublisher, and many other tools do this today. I continue to be baffled as to why INL competes with industry. That said, if INL makes this available at no or low cost to owner/operators, it’s worth a look.
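The learn-then-alert idea described above, as an added sketch that is not Sophia's code or any vendor's: the `src,sport,dst,dport,proto` record layout, the function names and the addresses are assumptions, and the flow records are constructed sample data.

```python
import csv
import io
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int

def parse_flows(text):
    """Parse 'src,sport,dst,dport,proto' rows (assumed layout). The ephemeral
    source port is dropped so reconnects do not look like new communication."""
    flows = []
    for row in csv.reader(io.StringIO(text.strip())):
        src, _sport, dst, dport, proto = (field.strip() for field in row)
        flows.append(Flow(src, dst, proto.lower(), int(dport)))
    return flows

def learn(flows):
    """Training phase: every combination seen is treated as normal."""
    return set(flows)

def detect(baseline, flows):
    """Alert once per combination that is absent from the baseline."""
    alerts = []
    for flow in flows:
        if flow not in baseline and flow not in alerts:
            alerts.append(flow)
    return alerts

# Constructed sample records: HMI and historian polling two PLCs over Modbus/TCP.
TRAINING = """
10.0.1.10,49152,10.0.2.21,502,tcp
10.0.1.10,49153,10.0.2.22,502,tcp
10.0.1.20,50110,10.0.2.21,502,tcp
"""
LIVE = """
10.0.1.10,51840,10.0.2.21,502,tcp
10.0.1.99,40222,10.0.2.21,502,tcp
10.0.1.10,51841,10.0.2.21,23,tcp
10.0.1.10,51842,10.0.2.21,23,tcp
10.0.1.20,50455,10.0.2.21,502,tcp
"""

if __name__ == "__main__":
    for alert in detect(learn(parse_flows(TRAINING)), parse_flows(LIVE)):
        print(f"NEW FLOW {alert.src} -> {alert.dst}:{alert.dport}/{alert.proto}")
```

Anything present on the network during training becomes part of the baseline, so the training window has to be taken from a period known to be clean.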

Reading the tea leaves, it looks like President Obama will issue an Executive Order or Presidential Directive on Critical Infrastructure Cyber Security prior to the election. His team hinted at this a few weeks ago and now Senator Feinstein has urged him to do this. Politically for the President there is upside in being viewed as taking action on Critical Infrastructure Cybersecurity where Congress failed, and there is little downside. And President Obama has not been hesitant to use Executive Orders. What will be in the Executive Order is tougher to predict.

And on the other side, cybersecurity has made it into the Republican Party Platform. Their assertion that the best way to improve critical infrastructure cybersecurity is to pass laws to allow information sharing is laughable. I still contend that DHS and other government agencies have every authority they need to demonstrate the massive insecure-by-design issues in SCADA and DCS. They just need to take off the gloves and prepare for a lot of vendors and owner/operators to look bad and be angry.

Qatar’s RasGas has now been hit with a malware attack. The malware, size and scope are not yet publicly known. It is interesting how RasGas quickly announces that the ICS and operations are unaffected. As noted in an earlier article this week, unaffected may not mean that the malware did not spread to the ICS.

If you are interested in the security of rail ICS, consider attending the American Public Transportation Association’s Webinar: Cyber Security of Control and Communications Systems for Rail Transit – Scope and Application for APTA Standards on Sept 13th. Dave Teumim and a few others have been slogging away at trying to gain momentum for cybersecurity in this sector. The webinar will go over the Recommended Practices that APTA has been developing.

Offensive cyberwar efforts are out in the open now with the US Air Force requesting concept papers for future funding for “the potential to enhance Air Force operations focused on Cyberspace Warfare capabilities access, position, maneuver, and strike within the adversary cyberspace domain in support of the Combatant Commanders (CCDR) and national objectives.”

Congrats to pauldotcom for their 300th podcast.


Critical Intelligence’s ICS Security Event Calendar Updates

  • NESCO Webinar Year 2 Update, Sep 7
  • EnergySec Webinar Energy Utility Security Risk Management and Compliance, Sep 12
  • EUCI Webinar Resource-Based Information and Operational Security Compliance Management, Sep 25
  • NESCO Town Hall Meeting, Sep 27 in Portland, Oregon
  • ICS Security Presentation at DerbyCon, Sep 28 – Oct 1 in Louisville, KY

Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by Luigi Lombardi