SCADA Security News

Sean McBride of Critical Intelligence asserted at an RSA session it was a contractor named NEDA that introduced Stuxnet into Natanz. Mark Clayton broke the news in this article, and here is a link to Sean’s RSA slides.

Industrial Defender announced ASM support for the Schneider Electric (formerly Telvent) OASyS DNA system. There is a really helpful 6 minute video¬†that shows a demo of the integration and useful for those who haven’t seen what a SIEM can do. There appeared to be a bit more OASyS DNA knowledge in the menus and displays than what you would see in a Tenable Security Center or other competitive implementation. Still it was mainly ports, installed software, missing security patches, Windows events, … the standard things you would see in these types of tools. I didn’t see any indication they are bringing in the OASyS DNA security events that are logged outside the Windows Event log, but it was only a 6 minute demo.

There also is a less informative, but very slick video on monitoring ports and services from Industrial Defender. It shows the challenges of monitoring for changes, but glosses over the difficulty of determining what is required for operation up front.

The Crookston Times covers an Xcel lawsuit against GE. Xcel “alleges that GE and its affiliates knew about a defect in its turbine blades for decades and had documented earlier failures and improved its design, but never told Xcel about the problem.” A turbine failure at the Sherco 3 unit cost Xcel $200 million. Perhaps the most interesting part of the article is GE’s claim that 271 similar turbines are operating fine, and Xcel was “operated outside recommended inspection and maintenance requirements.”

Mark Ward of the BBC writes that energy firms are increasingly trying to get cyber insurance to cover ICS cyber incidents from Lloyds of London and others. The pull quote “Unfortunately, said Ms Khudari, after such checks were carried out, the majority of applicants were turned away because their cyber-defences were lacking.”

Say hello to Michael Toecker at the CIPC meeting in St. Louis next week, which is an industry body that discusses security issues relating to electric infrastructure.  The agenda is here.

Wind River announced a new version of VxWorks “to address the new market opportunities created by the Internet of Things (IoT)”. I’m unsure how a more modular architecture or other new features have much to do with the Internet of Things.

Image by TooFarNorth