The cancellation of the semi-annual conferences has curtailed ICSJWG public/private partnership efforts. Ostensibly this is due to the sequester. ICSJWG is now moving towards a quarterly webinar series on basic ICS security topics.
On Oct 28-29 FIRST is holding a symposium on Computer Incident Response in the Energy Sector. FIRST events are typically high quality, so consider this if you are in the DC area. Or consider submitting a presentation if you have something to say.
You can now buy one of Travis Goodspeed’s GoodFET boards assembled from adafruit for $50. My recollection is Travis preferred people assemble the boards themselves as a learning experience, but this makes life easier and is a good price.
FERC has delayed the date for NERC CIP Version 4 compliance by six months to 1 Oct 2014. FERC has clearly signaled that they intend to skip Version 4 and go straight to Version 5. The CIPofiles say this delay is to remove the uncertainty that there may be a short period time where Version 4 compliance is required.
A Philips smart lighting system was dumb on security. They uses a hash of the MAC address for authentication.
Wired covered a “computer glitch” that caused all cell doors in a prison wing to open at once. Of course, there is a control system and PLC’s involved. The best quote was at the end, “Ryan told WIRED he had never considered the possibility that the system might have been hacked — either from an insider or an outsider — but said investigators would now look into that.”
Tweet of the Week
— K. Reid Wightman (@ReverseICS) August 15, 2013
Worth Reading Articles
Nothing this week.
Critical Intelligence’s ICS Security Event Calendar Updates
- EMMOS User Conference, Sept 22-25 in Austin, Texas
- CHEMSecure Workshop, Oct 17 in New Orleans, Louisiana
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.
Image by chrisinplymouth