The big story of the week was from Bloomberg’s Robertson & Riley: Mysterious ’08 Turkey Pipeline Blast Opened New Cyberwar Era. While the headline isn’t correct, the sourcing is anonymous and some of the technical conclusions are wrong, this is a great example of what cyber weapons may be used for in the future. There may be, and I’d argue will be, many uses of ICS cyber weapons that will not be “war”. I’m looking forward to these discussions at ICSage.
The US House and Senate passed some cybersecurity legislation this week. It will have little impact on critical infrastructure / ICS security, but now the Representatives and Senators can say they did something. It is truly sad if Rep. Meehan is correct in saying, “S. 2519 is the first significant cyber legislation in a decade and among the most important legislation that has been passed this Congress.” You can judge for yourself. Here is the House write-up of the benefits of S.2519 National Cybersecurity Protection Act.
Bedrock Automation has been in semi-stealth mode, if there is such a thing. They have been positioning a “clean sheet of paper” approach to ICS and ICS security. Building a new system from scratch. Details have been and are still very limited, but they released a white paper this week.
Adam Segal from the Council on Foreign Relations published The Top Ten Cybersecurity Incidents in China of 2014.
Not sure exactly when this was published in 2014, but also worth reading is Chris Valasek and Charlie Miller’s A Survey of Remote Automotive Attack Surfaces.
The US Dept. of Homeland Security (DHS) will provide research funding for two somewhat ICS security related topics: Privacy Protecting Analytics for the Internet of Things and Enhanced Distributed Denial of Service Defense.
Can’t make this up… http://t.co/AKIeRxbPPw
— Billy Rios (@XSSniper) December 12, 2014