SCADA Security News

First we had GLEG developing SCADA exploit packs for Immunity’s Canvas. Now ExCraft Labs out of Cypress is producing the SCADA Pack for Core Impact Pro. It includes 50 exploit modules with about 15 0days. Mostly usual suspects of WinCC, Cimplicity, Advantech, …

It’s great to see GE formally announce the successor to the GE20, the GE 20MX. It still has some insecure by design issues, but it is a modern platform than can be updated to support necessary security features, hopefully in the near future. I can now pull the picture of the Apple 2 from my Project Basecamp presentation.

The Obama administration and Senate have been stressing that the Cyber Security Framework and legislation is going to be voluntary, not regulatory. The only reason to bother with legislation or a government cybersecurity framework for the ICS world is to support regulation. There are plenty of guideline documents and a growing number of standards that are already widely ignored. And why was an Executive Order required to develop a voluntary guideline document? DHS and DoE have already published many of these.

Bayshore Networks has an ICS field firewall / security device that I’ve been meaning to review. This week they announced a partnership with BAE Systems. BAE will sell and integrate the Bayshore SCADA Firewall.

(Hard to believe that Barnaby Jack is dead. I only knew him by legend.) IOActive is going all in with the ICS type presentations at Black Hat / DefCon. Medical devices, automobiles, and attacking RF used for sensor networks. The auto hacking is the presentation I hate to miss.

Tweet of the Week

The age of the connected car will bring new safety, comfort — and threats http://t.co/OZWFNAfGDL via @NBCNewsTech

— pjcoyle (@pjcoyle) July 26, 2013

Worth Reading Articles

  • Thomas Rid’s Foreign Policy article on the INL/DHS Advanced ICS (Red/Blue) Training … DP Note: Don’t blame Thomas for the headline
  • Tom Aldrich on CIP Version 5 Conversion Plan … Only if CIP affects you

Critical Intelligence’s ICS Security Event Calendar Updates

Nothing this week.

Critical Intelligence provides reports and other information products on  Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by derekb