The lead story this week is the US Government will simulate a cyber attack on the New York City’s electric power system in an effort to convince the Senate that cyber security laws and regulation are required. I’m really curious how this will be done and what information will be provided to the lawmakers. Whatever information they get will inevitably leak out, but there has to be enough to make a compelling simulation.
Igor Soumenkov of Kaspersky writes that the Duqu framework was not developed in Microsoft’s Visual C++. They have yet to figure out if it was a proprietary development environment or some other, as yet unidentified, environment. The reason this is relevant is Kaspersky says the Stuxnet Windows related code was developed entirely in Visual C++.
Page 1 of the February ICS-CERT Monthly Monitor talks about a real world building automation hack that had turned up the heat in the building. Interesting reading, but it brings into question DHS prioritization again. Why is a hack on a building HVAC warranting ICS-CERT attention? That said, it’s another solid edition of the Monthly Monitor — although we are probably biased based on articles 2 and 3.
Pike Research has released an analysis of 14 smart grid security firms. It has McAfee/NitroSecurity and Industrial Defender on top. Coincidentally those are two vendors that have recently commissioned reports from Pike Research. We’re not qualified to comment on the smart grid security analysis, but those two would be among the top for ICS security product sales.
Greg Schaffer marks the sixth departure from DHS cybersecurity leaders in less than a year. It has to be an incredibly difficult and frustrating job, but DHS is unlikely to succeed if they can’t keep a leadership team intact for more than a few months.
Tweet of the Week
Worth Reading Articles
- Bloomberg article Hacker Group Unveils Critical Attacks (DP note: I don’t like the headline or first two paragraphs, but the article has representative quotes from our conversation. Still, where is the news that these systems lack security and are fragile?)
- Government Computer News NIST Fills Some Gaps in Smart Grid Standards
Critical Intelligence’s ICS Security Event Calendar Updates
- EnergySec Webinar PKI Security Considerations for AMI, Smart Grid and ICS Networks, March 27
- ICS Security Presentations at AppSec DC, April 5 – 6 in Washington DC (Reid will be presenting the latest from Basecamp there, also presenting are stars Ruben Santamarta and Eireann Leverett and others)
- Distribution Automation 2012 Cyber Security Breakfast Workshop, April 18 in Nashville, Tennessee
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.
Image by Fraser Waters