I asked Eyal Udassin of C4-Security in Israel to comment on the ICS hack disclosed this week. “The hack isn’t something for the books. It’s of small kibutz named Sa’ar in the northern part of Israel, indeed from a year ago. The operator had a remote access software with no password on it, so not surprisingly it was hacked. He found out that someone moved the screen view the same morning, so he understood immediately that something is fishy and changed the remote access method to a secure one.”
ISA99 released another draft standard for comment this week – ISA-64432-4-1 Product Development Requirements. I’ll write up my thoughts on it in an article next week.
Kim Zetter of Wired covered another vulnerable ICS connected to Internet story this week. It normally wouldn’t warrant mentioning as loyal readers have certainly heard enough of this Shodan / Internet search story. However, it was a Google Building Energy Management System.
Tweet of the Week
[blackbirdpie id=”331627829101989888″]
Don’t forget to subscribe to this blog RSS feed and follow @digitalbond.com on twitter.
Worth Reading Articles
- Dan Goodin’s article on the use of Honeywords.
Critical Intelligence’s ICS Security Event Calendar Updates
Nothing this week.
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.
Image by ChrisInPlymouth