And we’re back …
Congratulations to Idaho National Labs and DHS for winning a SANS Cybersecurity Innovation Award (note to self, create an award). It hasn’t been a great year for DHS or INL on the ICS security front, but this award for the red team / blue team hands-on training course is well deserved. Attendees with varied backgrounds all rave about this course.
The European Network and Information Security Agency (ENISA) has issued an 81-page document entitled “Protecting Industrial Control Systems”. The document has seven recommendations that are not wrong but a bit obvious and repetitive, such as Foster Awareness and Understanding or Create a Good Security Practices Guide. We will do a more detailed blog on this document next week.
The Siemens web site now has an Industrial Security page. It’s a great idea, but only if there is honesty and candor rather than marketing spin. A quick view of the page and links did not come across any of the outstanding S7 vulnerabilities, and the Worth Reading article below from Billy Rios continues a trend. More interesting is the promotion of the “comprehensive industrial security services, we will support you in taking the required steps against every conceivable threat scenario – and plan comprehensive solutions for maximum protection.” Will an ICS product vendor point the finger at one of their own ICS products with serious security deficiencies?
Tweet of the Week
End the year with a positive tweet.
Worth Reading Articles
- Billy Rios’ (@xssniper) post: The Siemens SIMATIC Remote, Authentication Bypass (that doesn’t exist)
- Dark Reading article: The 7 Coolest Hacks of 2011 (DP Note: 1, 2 and 4 are control system related)
Critical Intelligence’s ICS Security Event Calendar Updates
- DHS ICSJWG Spring Conference, May 7-10 in Savannah, Georgia
- Australian National SCADA Conference, May 28-30 in Melbourne, Australia
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.
Image by bixentro