LAST DAY – Submit your presentation proposal for S4 2013, Jan 16-17 in Miami Beach.
Robert O’Harrow of the Washington Post continued his series to make cyber security issues understandable to the average WashPost newspaper reader. This time he covered spear-phishing with a lot of emphasis on ICS. Bob is making good use of the information and contacts he made at S4 this year.
We received an S4 proposal on demonstrating that anti-virus is ineffective. While the S4 audience knows this well, the authors Jan Siedl and Marcelo Ayres Branquinho have posted their paper online, Antivirus Solutions Are Enough To Protect Industrial Plants? It’s a useful paper with good data.
A bit of comedy – Immunity Inc. has the following Stuxnet course description: “In this class, students will build their own STUXNET worm and deploy it in the Qom nuclear plant. Travel to Tehran is provided as part of the class fee. Post-insertion monitoring of the worm’s progress will allow the students to learn how to do damage control in the media, should it ever get out.”
Tweet of the Week
Check out the picture.
Worth Reading Articles
- Brian Krebs’ great reporting Chinese Hackers Blamed for Intrusion at Energy Industry Giant Telvent
- SecureWorks analysis of The Mirage Campaign that targeted oil companies
- Tenable blog Auditing Open Ports on Windows Systems Using Nessus (We have been asking Tenable for this, and it’s great they added it to the product. It will help a lot with CIP and other open port auditing.)
- Worth Listening – Patrick Miller of EnergySec/NESCO on the Down The Security Rabbithole podcast
Critical Intelligence’s ICS Security Event Calendar Updates
- TCIPG Webcast: Jason Larsen of INL, Title TBA, Nov 2
- EnergySec Training Cyber Security in Control System Environments, Nov 8 in Nashville, Tennessee
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.
Image by bixentro