Slow summer week
IntegraXor became the first ICS vendor to offer a bug bounty (that we are aware of). The bounty is software licenses not points … “We do not pay out monetary reward but only pay off I/O point to use our software license.” This was met with more derision than applause. The practical impact of this I/O point license reward program is likely to be more about marketing than about getting bugs. Still, they are the first. Interesting home page quote: “who use our products/services: AGAR, CET Lab, ExxonMobil, FMC, HSBC, Hyundai, Krohne, KTM, Maxis, Murphy Oil, Petronas, Shell, Yokogawa.”
In a Journal of Strategic Studies article, I wrote about the likelihood and necessity of staging and retaining communication access to ICS cyber weapons. Bruce Schneier writes something similar in his Crypto-Gram article on Offensive Cyber Weapons. “Sometimes we have to embed the hostile code in those networks — these are called ‘logic bombs’ — to be unleashed in the future. And we have to keep penetrating those foreign networks, because computer systems always change and we need to ensure that the cyberweapons are still effective.”
Tweet of the Week
Boasting about SCADA vulns? What next, boasting about kicking puppies?
— the grugq (@thegrugq) July 15, 2013
Worth Reading Articles
- Perlroth/Sanger on Luigi Auriemma and Market for 0days
Critical Intelligence’s ICS Security Event Calendar Updates
- 1st International Symposium for ICS & SCADA Cyber Security 2013, Sept 16-17 in Leicester, UK
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.