Dragos Security founders Matt Luallen and Robert Lee announced their first product: CyberLens. CyberLens enables the passive discovery and identification of cyber assets on a network. I asked and Robert answered in a Twitter discussion what makes CyberLens different from Tenable’s PVS and other solutions. The challenge products like Sophia and CyberLens face is this: are the ICS intelligence advantages enough to warrant selecting a solution that is less complete, less proven and less likely to survive?
On a related note, the kerfuffle between Corey Thuen (Southfork Security) and INL on Sophia must have eased a bit as Corey is the guest presenter at the ICSJWG Webinar I Think, Therefore I Fuzz on March 27th. I couldn’t find a registration link on the ICSJWG site.
The Full Disclosure List was closed this week. A number of ICS vulnerabilities were first disclosed on this list, much to the dismay of many in the ICS community.
Continuing on disclosure, Jake Brodsky over on SCADASEC tells a story of finding a “wide open” FTP server at “a small controls firm that does ICS application software programming”. “It had correspondence regarding various ongoing projects with utility plant upgrades. It had application programs. It had drawings. It had spreadsheets of I/O maps and descriptions.” So they called DHS, who called the firm, and now there is a password on the FTP server. I’m sure loyal readers know that this is not enough. My question … has the firm notified their customers that sensitive data was Internet exposed for years? If not, are Jake, DHS and the firm practicing “responsible” or even “coordinated” disclosure? Don’t answer that; it was to prove a point. Those words have always been subjective and ring hollow to me. And this is more evidence that disclosure is not worth the discussion, because whoever finds the vuln will do what they choose to do.
The Japanese government recently held a cyber exercise. According to JapanToday, “Some 50 cyber-defense specialists gathered at an emergency response center in Tokyo, with at least three times that many offsite, to defend against a simulated attack across 21 state ministries and agencies and 10 industry associations.”
NERC issued the report on the GridEx II that occurred last December. Sit down off the record and over a beer with participants and you likely will get a different view of the events.