Apologies for being late with the Friday News & Notes this week. I spent the end of last week getting some inspiration from people that achieve amazing things through passion and incredibly high standards in unrelated fields.
Heise, a major German publisher, introduced the German market to the Internet connected ICS. Nothing new here, but some good screen shots of what they found.
ICS-CERT strangely published 30+ mitigations for Shamoon. Why now? And what to these mitigations have to do with Shamoon? They are basic SCADASEC and INFOSEC 101. Backup, incident response, anti-virus, segment, … To be charitable this is a worthwhile message to put out over and over again, but if they wanted to take advantage of the Shamoon buzz to get this info out they are quite late. If they wanted to make a more compelling document, they could have tied the recommended controls into the attack and demonstrated how they would have helped prevent, detect or respond to Shamoon. ICS-CERT continues to be weak.
Rand Beers has been named the Acting Deputy Secretary of DHS. This may help ICSsec get a bit more attention since Mr. Beers was the Under Secretary for the National Protection and Programs Directorate (NPPD).
Patrick Coyle reports on a scheduled public meeting of the US Information Security and Privacy Advisory Board. The meeting will address issues related to President Obama’s Cybersecurity Executive Order.
Tweet of the Week
[blackbirdpie id=”329974483203002370″]
Don’t forget to subscribe to this blog RSS feed and follow @digitalbond.com on twitter.
Worth Reading Articles
- SC Magazine Brief Interview with Marty Edwards < DP Note: Marty is that sincere, good guy you read in the interview. The last answer is a sad reality though.
Critical Intelligence’s ICS Security Event Calendar Updates
- ICSsec presentations at AusCERT, May 23-24 in Gold Coast, Australia
- APTA Securing Control and Communications Systems in Rail Transit Environments, June 5 in Philadelphia, Pennsylvania
- Rios/McCorkle Black Hat Training ICS for Pentesters, July 27-28 and July 29-30 in Las Vegas, Nevada
- Conference on Critical Information Infrastructures Security, Sept 16-18 in Amsterdam, The Netherlands
- ISA Advanced Industrial Cybersecurity, Sept 16-20 in Houston, Texas
- Cyber Security in the 21st Century for the Chemical and Petrochem Industries, Sept 24-25 in Houston, Texas
- Using ANSI/ISA99 (IEC 62443) Standards To Secure Your ICS, Oct 17-18 in Houston, Texas
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.
Image by duncan