Friday News & Notes

ICS Security News

Project Basecamp tools were a big story, but we have covered that thoroughly on this site.

The other big stories, at least in the US, are happening in Washington DC. The Senate Cybersecurity Act of 2012 was introduced by a bipartisan group of Senators. Homeland Security Television has a great one-page, at-a-glance summary. You can watch the Senate Testimony here. From CNN’s summary: “private companies that control such “critical infrastructures” would be identified by the Department of Homeland Security and each individual company would be required to secure their own networks from cyberattack, and then “self-certify” in an effort to show the U.S. government it had complied. DHS would have the opportunity to spot check companies, and failure to secure could lead to civilian penalties.”

Not so fast though, Senator McCain and seven other senators plan to introduce a competing bill that gives NSA the power to work domestically for the first time to stop cybersecurity threats. Sen. McCain also questioned providing additional power and responsibilities to DHS and the burden on the private sector of these regulations … so maybe it is not a done deal.

President Obama also released a proposed budget for next year that provided some clues. Patrick Coyle dug into the details and found on page 2118 of the budget rationale that ICS-CERT would increase from 9 to 12 full time employees in this budget. Other than small details like that, the budget related to ICS security remained about flat.

Dutch researchers showed how water control systems in the Netherlands could be hacked and maliciously operated to flood the Netherlands with water and wastewater. It sounded a lot like the Australian wastewater hack until you realize how important water control is to the large areas that are below sea level. The impact of an ICS attack here would be huge.

Joel Langill joined the growing number of ICS security training options in announcing his new 5-day training course Understanding and Securing Industrial Control Systems. He also announced a 1-day introductory course. Joel is the former Infosec Institute teacher so it will be interesting to see who takes over that class. Now with a full field of private sector courses will DHS/INL finally admit they are competing with industry, which they are prohibited from doing, and stop their basic and intermediate training?

Travis Goodspeed has been wardriving around Knoxville, Tennessee looking for Zigbee, 802.15.4 access points with his mobile kit. He took some pictures that are worth a look. 802.15.4 is the basis of many DCS wireless systems including WirelessHART and ISA100, although those protocols do add security at layer 3.


Worth Reading Articles

Critical Intelligence’s ICS Security Event Calendar Updates

Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by Luigi Lombardi

1 comment to Friday News & Notes

  • Saint Nick

    I love your comment that DHS/INL ICS training is infringing on private sector training. These guys show up to every conference, using taxpayer’s dollars, to promote their “free training” and other free products and services (system assessments, product assessments, self-assessment tools, etc.). They even promote internationally. I’m sure, DHS cuts a check to INL for every student that attends their training. How convenient is it that the director of the DHS CSSP lives in Idaho and used to work for INL? The whole thing stinks but I’m afraid to say anything with my real identity.
