Friday News and Notes

ICS Security NewsAnd we’re back …

Congratulations to Idaho National Labs and DHS for winning a SANS Cybersecurity Innovation Award (note to self, create an award). It hasn’t been a great year for DHS or INL on the ICS security front, but this award for the red team / blue team hands on training course is well deserved. Attendees with varied backgrounds all rave about this course.

The European Network and Information Security Agency (ENISA) has issued an 81-page document entitled “Protecting Industrial Control Systems“. The document has seven recommendations that are not wrong but a bit obvious and repetitive, such as Foster Awareness and Understanding or Great a Good Security Practices Guide. We will do a more detailed blog on this document next week.

The Siemens web site now has an Industrial Security page. It’s a great idea, but only if there is honesty and candor rather than marketing spin. A quick view of the page and links did come across any of the outstanding S7 vulnerabilities, and the Worth Reading article below from Billy Rios continues a trend. More interesting is the promotion of the “comprehensive industrial security services, we will support you in taking the required steps against every conceivable threat scenario – and plan comprehensive solutions for maximum protection.” Will an ICS product vendor point the finger at one of their own ICS products with serious security deficiencies?

Tweet of the Week

End the year with a positive tweet.

[blackbirdpie id=”151774452319924224″]

Don’t forget to subscribe to this blog RSS feed and follow on twitter.

Worth Reading Articles

Critical Intelligence’s ICS Security Event Calendar Updates

Critical Intelligence provides reports and other information products on  Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by bixentro

Leave a Reply