And we’re back … with items from recent weeks.
A reminder to check out the S4x14 agenda and register for the event Jan 14-17 in Miami Beach.
ISA announced that Codenomicon’s fuzzing tools are approved for use in the Communications Robustness Testing (CRT) portion of the ISASecure certification. This is a positive step forward for ISASecure. Wurldtech’s Achilles was used as the de facto tool at the start due to the difficulty of writing a detailed tool criteria, but the vision was to allow multiple fuzzing tools to be used as long as they meet a certain level of rigor. This is now achieved with certification organizations having the choice between the Wurldtech and Codenomicon tools.
FERC approved NERC CIP V5 as expected, but there are some changes they will require in V6. As always Tom Aldrich has the best coverage.
Nice job by ICS-CERT to clarify the DNP3 vulnerability impact to the master station in their updates on Nov 14th and 21st. Still it has the incredibly weak statement “Impact to individual organizations depends on many factors that are unique to each organization.” Yes. Of course. Is there another place in DHS where they say this is a serious vuln, particularly for DNP3 in SCADA?
Tweet(s) of the Week
OH: “Gonna have to tell the customer that changing an excel document extension to “.gpg” doesn’t make it secure…”
— Graham Sutherland (@gsuberland) November 22, 2013
Worth Reading Articles
- Ralph Langner’s Final Stuxnet Analysis
Critical Intelligence’s ICS Security Event Calendar Updates
- Marcus Evans Utility Cyber Security Conference, Jan 14-16 in Atlanta, Georgia DP Note – Of course most of you will be at S4x14, right?
- SMI’s European Smart Grid Cyber and SCADA Security Conference, March 10-11 in London, UK
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.
Image by chrisinplymouth