ICS Security News

Want to learn how Ruben Santamarta found the TURCK backdoor disclosed last week by ICS-CERT? Read his article on Identify Back Doors in Firmware By Using Automatic String Analysis. He pulls out the strings from firmware and then uses a tool he wrote called Stringfighter to identify likely hard coded credentials. Ruben we want you at S4x14.

A research report from Zpryme breaks down the $8 billion the US Government allocated to smart grid projects as part of the 2009 recovery act. $5.1B has been spent so far and $3.2B (63%) was spent on smart meters. The industry won’t see this market stimulating money again. The smart grid budget for 2014 looks to be $450M with most going to R&D rather than subsidizing meter purchases.

US Congressmen Markey and Waxman release a report they ‘wrote’ entitled Electric Grid Vulnerability – Industry Responses Reveal Security Gaps. The best part of the report is Table 1 on page 14. Key findings, such as utilities are under cyber attack, like every other company connected to the Internet, aren’t helpful. This mainly is a document to support past legislation that is being reintroduced.

May 28th is a big day in Japanese ICS Security as the government’s Control System Security Center (CSSC) will celebrate the opening of the ICS testbed in Tagajo. I haven’t visited the site yet, which is located close to Sendai and where the deadly tsunami hit, but the pictures show a truly first class facility for research and training.

ISA99 has released a draft of TR62443-2-2 Patch Management in the IACS Environment to help owner/operators develop a patch management program. They are looking for comments.

I generally avoid commenting on industry quotes in articles, but the Register article on respected expert Mark Fabro’s AUSCERT presentation is disturbing. It is not difficult to cause serious damage to the critical infrastructure by attacking an ICS. In fact, we had too many presentations at S4x13 showing how in simple ways that we are going to likely reject the simple attack sessions for S4x14. It certainly doesn’t require clearing 143K hurdles, and small team of 1-3 people with moderate skills and motive and a willingness to suffer the consequences of retribution can do significant damage. Perhaps the author didn’t accurately capture Mark’s viewpoint or maybe he was only talking about the difficulty of causing a nationwide blackout rather than just damage to a portion of the bulk electric system or other critical infrastructure.

Tweet of the Week

[blackbirdpie id=”337898969520807936″]

Don’t forget to subscribe to this blog RSS feed and follow @digitalbond.com on twitter.

Worth Reading Articles

  • IOActive’s Identify Back Doors in Firmware By Using Automated String Analysis

Critical Intelligence’s ICS Security Event Calendar Updates

  • DHS/INL Advanced ICS Security Training (Red/Blue), Aug 12-16 in Idaho Falls, Idaho
  • DHS/INL Advanced ICS Security Training (Red/Blue), Oct 7-11 in Idaho Falls, Idaho

Critical Intelligence provides reports and other information products on  Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by ChrisInPlymouth