ICS Security News

The Cisco blog provides broad details on six watering hole attacks on energy sector sites. ICS vendor support sites are high value targets for any group targeting critical infrastructure.

T&D World published a brief summary of the 11 ICS Security Research Projects that received $30M in funding from the US Department of Energy. As a past recipient we may be biased, but the DoE approach of identifying what is required in the Energy Roadmap and then funding projects to achieve it is a winner. The two that caught my eye are ABB’s effort to add authentication to substation comms and SEL’s project to secure last mile wireless (mainly because of SEL’s installed base).

Project Shine reaches one million Internet accessible ICS devices, with a very broad definition. I have mixed feelings on this news. On one hand it is important for these owner/operators to learn about and take these devices off the Internet. I’m a fan of the good work by the Project Shine team. On the other hand, the impact on what most people would call the critical infrastructure is very small. Congressional staffers and others with policy influence are captivated by this story and believe incorrectly, in my opinion, that removing ICS devices is a high priority, strategic item.

I couldn’t help but think of the potential ICS parallels as I read Kim Zetter’s great article How A Crypto Backdoor Pitted The Tech World Against NSA. Stuxnet where INL identified vulns are not fixed but used in an ICS cyber weapon. Little USG effort or even discussion about fixing insecure by design controllers and protocols over the last decade. It is a logical explanation. Tinfoil had off now.

Tweet of the Week

@selil Gen Alexander said we cannot ‘clear’ our way into info sharing. I wish that would trickle down. a govvie at #NISTCSF

— John McCumber (@johnmccumber) September 26, 2013

Worth Reading Articles

  • Cyber Pacifists blog Schneider Doesn’t Fix A Thing

Critical Intelligence’s ICS Security Event Calendar Updates

  • Congreso Iberoamericano de Ciberseguridad Industrial, Oct 2-4 in Madrid, Spain
  • ICS Session at SECtor, Oct 8 in Toronto, Canada
  • mGuard User Conference, Oct 9-10 in Stockholm, Sweden
  • ICS Session at MIRcon, Nov 5-7 in Washington, DC
  • Security track at ISA Automation Week, Nov 5-7 in Nashville, Tennessee
  • ICS Session at Hackfest 5, 8-9 Nov in Quebec, Canada < answer is swiss cheese
  • Networks & Security Track at Rockwell Automation Fair, Nov 13-14 in Houston, TX
  • ARC Industry Forum, Feb 10-13 in Orlando, FL

Critical Intelligence provides reports and other information products on  Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by chrisinplymouth