Patrick Coyle’s Chemical Facility Security News site has started the 113th Congress Legislation page for cyber security legislation with emphasis on ICS. He has the go to site for US legislation news and analysis.

Was Stuxnet “a prohibited use of force under Article 2(4) of the United Nations (UN) Charter”? A paper from NDU looks at that and applies the Schmitt Analysis (“The Schmitt Analysis consists of seven factors that states are likely to consider when characterizing cyber activities: severity, immediacy, directness, invasiveness, measurability, presumptive legitimacy, and responsibility.”)

Pat Calhoun of McAfee has a grim view of Hacking As A Service (HaaS) in 2013. We are repeatedly asked why more critical infrastructure disasters initiated by cyber attacks have not happened. It’s not difficult to do, so the only answer I’ve been able to come up with is the attackers are not ready to deal with consequences of getting caught, or on a more positive note many who can don’t want to cause that chaos and suffering. My concern is that a lot of these “cyber weapons” are being deployed or pre-staged for when they might be needed. I have an article coming out on this shortly.

This week saw a number of articles stating that there was no evidence that Iran was behind the DDoS attacks on US banks, and a lot of the reporting was inaccurate in other ways. Dan Goodin’s a good example (and why didn’t I invite Dan to cover S4, my mistake because he is a great ICS security writer).

Tweet of the Week

[blackbirdpie id=”287932800735252480″]

Don’t forget to subscribe to this blog RSS feed and follow on twitter.

Worth Reading Articles

Nothing this week

Critical Intelligence’s ICS Security Event Calendar Updates

  • DHS ICSJWG Spring Conference, May 6-9 in Phoenix, Arizona
  • Using the ANSI/ISA99 Standard to Secure Your Control System, July 18-19 in Research Triangle Park, North Carolina
  • Using the ANSI/ISA99 Standard to Secure Your Control System, Nov 5-6 in Houston, Texas

Critical Intelligence provides reports and other information products on  Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.