Holiday Issue - Friday News and Notes

A poignant reminder this week that Safety products and SIL ratings do not consider malicious attacks or even accidental spurious data. The CoDeSys development system is SIL2 certified, and they produce something called CoDeSys Safety that is SIL3 certified. Feel safer?

DHS’s ICSJWG (still hard to believe that acronym) is holding their Spring Meeting May 6-9 in Phoenix. The Call for Papers/Abstracts is open now until Feb 22nd. It’s a good event, free, and something you should attend about once every two years.

Wired named Eugene Kaspersky as the 8th most dangerous person in the world. The reason: he “systematically identified each of Washington’s malware projects — and in so doing, rendered the Stuxnet, Flame, and Duqu espionage programs useless.” Followed by the really controversial statement: “All of which now has Western intelligence services scratching their heads. Did Kaspersky’s researchers operate on their own when they outed all that anti-Iran malware? Or did they pull it off with some Kremlin help?”

The University of Notre Dame included “Hacking Into Medical Devices” in their first annual List of Emerging Ethical Dilemmas and Policy Issues in Science and Technology. They use Barnaby Jack’s shocking pacemaker hack as the example.

President Obama released the National Strategy for Information Sharing and Safeguarding Information (pdf). Many believe this is a key or even the key to making progress in ICS security, but loyal blog readers know I believe information sharing efforts are a sideshow or will have a minor impact at best. Jump straight to the objectives on pages 14 and 15 and decide for yourself if this document and strategy have value.

FERC officially revised the bulk electric system definition, which is what they regulate. Pull quote: “While speed is relative, it is worth noting that in about two years, we have moved from Order No. 743, which directed NERC to revise its definition of bulk electric system, to today’s Final Rule”.

