Today I’ll be on the SCADA panel as part of pauldotcom’s 350th episode. View it live at 11:30 EDT or listen to the recorded podcast later. Other panelists are Joel Langill, Patrick Miller and Justin Searle.
If you are interested in the latest on the Battelle v. Southfork legal action, and based on traffic many of you are, you can see the public files on the Southfork Security litigation page. Southfork has an Indiegogo campaign to raise money for their legal defense. While I don’t have any info on whether Battelle’s claims are legitimate or not, it is odd that they did not show evidence of how the Visdom source code on GitHub was the same as or extracted from the Sophia code when they requested the temporary restraining order. Did they not look at the GitHub code? Or did they feel the case would be less compelling with the comparison?
NIST published the Preliminary Cybersecurity Framework. This Framework was one of the items required in President Obama’s Executive Order earlier in the year. I need to work up the enthusiasm to read and write about the 44-page document.
IEEE Security & Privacy magazine is working on a special issue on Control Systems Security for the Energy Sector. Consider submitting an article if you have something to say. Abstracts are due on January 1st.
Waterfall Security is best known for their unidirectional gateways. This week they introduced the FLIP and a smaller form factor. The FLIP is aimed at owner/operators that can live with one-way 99.99% of the time, but once a day or so need to bring data into the control center, for example pipeline scheduling information or other daily production information. The one-way flow is temporarily flipped, based on a command from the secure, control center side, to let the information in. It will be interesting to see if this idea gets traction with those owner/operators who can almost live with one-way.
Tweet of the Week
Added late, after the pauldotcom podcast:
@SCADAhacker @ErrataRob @digitalbond these legacy gaps/reasons stay permanent gaps/excuses when phased plans aren’t driven.
— Joshua Corman (@joshcorman) October 25, 2013
Worth Reading Articles
- Reid Wightman’s Introducing the Modbus VCR
Critical Intelligence’s ICS Security Event Calendar Updates
- Midwest ICS Security Symposium, Nov 14 in Columbus, Ohio
- ICS Security Sessions at NARUC Annual Meeting, Nov 17-20 in Orlando, Florida
- Matrikon’s Industrial Cyber Security for OPC Training, Feb 13-14 in Calgary, Alberta and Feb 20-21 in San Diego, California
- ISA99 Security Training, April 1-4 in Burbank, California
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.
Image by chrisinplymouth