ICS Security News

Slow summer week

IntegraXor became the first ICS vendor (that we are aware of) to offer a bug bounty. The bounty is software licenses, not points … “We do not pay out monetary reward but only pay off I/O point to use our software license.” This was met with more derision than applause. The practical impact of this I/O point license reward program is likely more about marketing than about getting bugs. Still, they are the first. An interesting quote from their home page: “who use our products/services: AGAR, CET Lab, ExxonMobil, FMC, HSBC, Hyundai, Krohne, KTM, Maxis, Murphy Oil, Petronas, Shell, Yokogawa.”

In a Journal of Strategic Studies article, I wrote about the likelihood and necessity of staging and retaining communication access to ICS cyber weapons. Bruce Schneier writes something similar in his Crypto-Gram article on Offensive Cyber Weapons: “Sometimes we have to embed the hostile code in those networks — these are called ‘logic bombs’ — to be unleashed in the future. And we have to keep penetrating those foreign networks, because computer systems always change and we need to ensure that the cyberweapons are still effective.”

Tweet of the Week

Boasting about SCADA vulns? What next, boasting about kicking puppies?

— the grugq (@thegrugq) July 15, 2013

Worth Reading Articles

Critical Intelligence’s ICS Security Event Calendar Updates

Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by mag3737