Odd and troubling week.
DHS Secretary Napolitano announced Enhanced Cybersecurity Services — the US Government will share information on 0days and threats via a paid service offered by private government contractors like AT&T, Raytheon and Northrop Grumman. This would even include 0days purchased from researchers. Does this make or break the 0day market? How does this compare to a bug bounty? This is so odd it’s hard to even come up with a cogent argument for or against your tax dollars at work.
The US NIST published a document analyzing the request for information (RFI) responses to the upcoming cybersecurity framework. Respondents think it should be flexible, global, risk-based and leverage existing standards. Ok …
NIST issued Revision 1 of SP800-82 Guide to ICS Security. More importantly they announced an effort for a major update of this document to Revision 2 in the next year.
The NY Times and most other major media vaguely reported on cyber attacks on energy sector companies with the goal of sabotage or control of the ICS. The information is based on a non-public bulletin from ICS-CERT.
Anonymous announced Operation Petrol will start on June 20th against “greedy oil companies” and governments that support them.
The US Securities and Exchange Commission (SEC) reported that the 27 largest public companies sustained no major financial losses due to cyber attacks.
Worth Reading Articles
- CIO Magazine article Beware The Coming SEC Regulations on Cybersecurity
- Tom Aldrich post Meanwhile, Back at the (CIP v3) Ranch
Critical Intelligence’s ICS Security Event Calendar Updates
- ICS Security Session at Ventyx World, June 11-15 in San Francisco, California
- UTC Critical Infrastructure Communications Policy Summit, June 20 in Washington DC
- Australian National SCADA Conference, Aug 15-16 in Melbourne, Australia
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.
Image by ChrisInPlymouth