SCADA Security News

Positive Hack Days in Moscow had a cool Critical Infrastructure Attack contest. “The contest’s participants will have to deal with a thermal power station, transport and city illumination systems and also with cranes and industrial robots.” Looking forward to hearing about the results.

Kim Zetter’s long awaited book Countdown to Zero: Stuxnet and the Launch of the World’s First Cyber Weapon is available for pre-order on Amazon.com. Still a long wait until it’s Nov 11th release though. Kim is one of the tech reporters that does a good job on ICSsec stories so I have high hopes for this book.

For those heading to Indianapolis in two weeks, the ICSJWG Agenda and SCADASides Speakers have been posted.

It took a while, but we finally ran the SCADAhacker out of the country. Just kidding Joel. Joel Langill has moved to Luxembourg and opened Infrastructure Defense Security Services. This is good news for those in Europe and the Middle East that want ICS cyber security training. Joel will still be offering his training classes in the US as well.

Our Project Redpoint enumeration scripts should be in the next release of Nmap. The documentation for the EtherNet/IP script is already posted.

The ICS-CERT Monitor hack example article spun completely out of control this week. It’s a shame that DHS didn’t use this feeding frenzy to highlight a real ICS security problem. You have to turn on those fat pitches.

Sean McBride of Critical Intelligence had an interesting take on DHS sending their experts to utilities with Internet connected ICS. “If you run critical infrastructure, and you put your poorly secured systems on the public Internet — you are negligent! Get your act together. I don’t think we are taking a long term view when we choose to reward negligence with free security consulting…”

I was intrigued by the title of a June 19th Symantec webcast, The Cyber Security War within the Energy Sector. I thought it might revolve around FERC / NERC / Utilities / Dept of Energy disputes on cyber security regulations. Instead it is just a colorful title for another ICS cyber security webcast. Want to bet a big part of the solution is … Symantec products and services!

If you need to kill some time on Friday, check out these nuclear reactor cutaway drawings.

Image by Urbanmkr