ICS Security News

Whither EnergySec? We wrote about the Dept of Energy defunding of EnergySec/NESCO back in March. It was a major blow and resulted in the loss of a large part of the founding team. Like other small businesses, EnergySec has tried to survive and adjust to succeed in the future. Based on emails I’m receiving and the website, EnergySec appears to have morphed into a training and event business. There is enough ICSsec training demand for a number of small companies to be doing quite well this year in this business area.

ICSJWG had a webinar this week to inform the community about their plan “to revamp and reinvigorate the ICSJWG”. It was also presented at the Fall Meeting, but I’ve yet to see the details. It’s good they realized some changes are required. ICSJWG has been a major step down from the PCSF that it replaced.

More DNP3 protocol stack vulnerabilities from Crain & Sistrunk. This week it is Cooper Power Systems' implementation of DNP3. Patrick Coyle also wrote that the DNP3 User Group will be publicly releasing an application note on the lack of input validation that is causing these problems. Good move, because their last announcement, which basically stated the DNP3 protocol was fine, was technically accurate but weak and not helpful to owner/operators.

Today is the final day to get your comments in on the NIST Cybersecurity Framework.

Tweet of the Week

Maybe even the tweet of the year.

Graham Calladine ‘Prevention without detection is control without feedback’ | spoken like an ICS engineer #bluehat

— bryan owen (@bryansowen) December 12, 2013

Worth Reading Articles

Critical Intelligence’s ICS Security Event Calendar Updates

  • Early notice of EnergySec Summit, Aug 19-23 in Austin, Texas

Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by chrisinplymouth