ICS Security News

The cancellation of the semi-annual conferences has curtailed ICSJWG public/private partnership efforts. Ostensibly this is due to the sequester. ICSJWG is now moving towards a quarterly webinar series on basic ICS security topics.

On Oct 28-29 FIRST is holding a symposium on Computer Incident Response in the Energy Sector. FIRST events are typically high quality, so consider this if you are in the DC area. Or consider submitting a presentation if you have something to say.

You can now buy one of Travis Goodspeed’s GoodFET boards assembled from Adafruit for $50. My recollection is Travis preferred people assemble the boards themselves as a learning experience, but this makes life easier and is a good price.

FERC has delayed the date for NERC CIP Version 4 compliance by six months to 1 Oct 2014. FERC has clearly signaled that they intend to skip Version 4 and go straight to Version 5. The CIPofiles say this delay is to remove the uncertainty that there may be a short period of time where Version 4 compliance is required.

A Philips smart lighting system was dumb on security. It uses a hash of the MAC address for authentication.

Wired covered a “computer glitch” that caused all cell doors in a prison wing to open at once. Of course, there is a control system and PLCs involved. The best quote was at the end, “Ryan told WIRED he had never considered the possibility that the system might have been hacked — either from an insider or an outsider — but said investigators would now look into that.”

Tweet of the Week

ProTip from @OpenGarages: When hacking your car, don’t hack *your* car. Rent one instead (and buy the insurance). pic.twitter.com/PWiFSOThWc

— K. Reid Wightman (@ReverseICS) August 15, 2013

Worth Reading Articles

Nothing this week.

Critical Intelligence’s ICS Security Event Calendar Updates

  • EMMOS User Conference, Sept 22-25 in Austin, Texas
  • CHEMSecure Workshop, Oct 17 in New Orleans, Louisiana

Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by chrisinplymouth