Friday News & Notes

ICS Security News

The lead story this week is the US Government will simulate a cyber attack on the New York City’s electric power system in an effort to convince the Senate that cyber security laws and regulation are required. I’m really curious how this will be done and what information will be provided to the lawmakers. Whatever information they get will inevitably leak out,  but there has to be enough to make a compelling simulation.

Igor Soumenkov of Kaspersky writes that the Duqu framework was not developed in Microsoft’s Visual C++. They have yet to figure out if it was a proprietary development environment or some other, as yet unidentified, environment. The reason this is relevant is Kaspersky says the Stuxnet Windows related code was developed entirely in Visual C++.

Page 1 of the February ICS-CERT Monthly Monitor talks about a real world building automation hack that had turned up the heat in the building. Interesting reading, but it brings into question DHS prioritization again. Why is a hack on a building HVAC warranting ICS-CERT attention? That said, it’s another solid edition of the Monthly Monitor — although we are probably biased based on articles 2 and 3.

Pike Research has released an analysis of 14 smart grid security firms. It has McAfee/NitroSecurity and Industrial Defender on top. Coincidentally those are two vendors that have recently commissioned reports from Pike Research. We’re not qualified to comment on the smart grid security analysis, but those two would be among the top for ICS security product sales.

Greg Schaffer marks the sixth departure from DHS cybersecurity leaders in less than a year. It has to be an incredibly difficult and frustrating job, but DHS is unlikely to succeed if they can’t keep a leadership team intact for more than a few months.

Tweet of the Week

[blackbirdpie id=”177315763122745344″]

Don’t forget to subscribe to this blog RSS feed and follow on twitter.

Worth Reading Articles

Critical Intelligence’s ICS Security Event Calendar Updates

Critical Intelligence provides reports and other information products on  Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by Fraser Waters

Leave a Reply