ICS Security News

The court battle between Battelle/INL and Corey Thuen at Southfork Security is over. The settlement agreement gives Battelle all rights to Thuen’s Visdom product. While the case hinged on whether Visdom was a copy of Sophia and on the Thuen employment agreement, the court’s reaction to the “you called yourself a hacker so you will break the law” argument and the lame national security impact contention were what made it worth watching. Now clear of entanglements with INL, Thuen could start over and build a similar product, but neither Sophia nor Visdom was novel or even competitive with more full-featured solutions.

Microsoft introduced a new version of their free threat modeling tool. We used their old tool in consulting projects, and look forward to trying out and writing about the new version. One immediate plus is it no longer requires Visio. Microsoft has included a drawing tool in the package.

Bloomberg reported “Electric, natural gas and major water companies and regional distribution systems in Connecticut have been penetrated by hackers and other cyber attackers, but defenses have prevented interruption”. We will be seeing this in slide decks.

WOW! NYISO unveiled their new $38M control center with a 2300-square-foot video wall. There is a wide range of opinions on what makes a useful control room, but this one will certainly make an impression on visitors.

Wireshark added another ICS protocol dissector … Landis & Gyr (Telegyr) 8979.

And we probably need to put a note in about Heartbleed. There have been a few ICS-CERT advisories on the issue. Asset owners should look at SSL remote access to the ICS and SSL to security perimeter devices for management. Pre-Heartbleed, remote access to ICS should have been physically disconnected except for when emergency support is required.

Image by ChrisinPlymouth