A blurb on the Siemens site highlights the soon-to-be-released CP 343-1 advanced communications processor for the S7-300 and the CP 443-1 advanced communications processor for the S7-400. It purports to create a closed network that limits communication to those within a defined cell. Perhaps we will be able to remove our “Siemens Has Not Fixed Stuxnet For” clock from the site. It’s at 557 days and counting.
Smithsonian Magazine has an article highlighting Richard Clarke’s views on Stuxnet. His Stuxnet comments are just reasonable guesswork on the source, and his technical details are wrong. But he is a big voice and his comments on the meta situation are dead on, such as “I think we’re living in the world of non-response. Where you know that there’s a problem, but you don’t do anything about it.” … Yes! And surprisingly, it is the people who know the problem, danger and impact best who are leading the intransigence.
The Energy and Power Cybersecurity Summit scheduled for April 5-6 in Atlanta was cancelled due to poor attendance. This is regrettable because the EnergySec event has historically been one of the better events, with a high percentage of asset owners as attendees. It did suffer from one problem that is also a regrettable conference trend: opening registration without a detailed agenda. Even as late as this week there were only broad topic titles with no associated speakers or descriptions.
And we are ~45 days from the May 7th ICSJWG spring meeting and there is still no published agenda. I doubt ICSJWG will be cancelled, but it is hard to expect people to sign up to attend an event without an agenda.

Critical Intelligence’s ICS Security Event Calendar Updates
- GovSec Critical Infrastructure Track, April 3-5 in Washington DC
- Webinar Cyber Security Order 706, April 10
- Seminar Cyber Security for Public Power Utilities, April 15 in Cleveland, Ohio
- NIST Workshop Cybersecurity for Cyber-Physical Systems, April 23-25 in Gaithersburg, Maryland
- IEEE’s Smart Grid 301 – Security, May 8 in Orlando, Florida
- Security Presentations at SCADA MENA 2012, June 12-13 in Abu Dhabi, UAE
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

I’m sad to hear about the Energy and Power Cybersecurity Summit being canceled. However, we are having an ICS security track at AppSec DC in that same timeframe for those interested.
Presentations on:
- Pentesting Smart Grid Web Apps – Justin Searle
- Vulnerabilities in Industrial Control Systems – ICS-CERT
- AMI Security – John Sawyer and Don Weber
- Project Basecamp: News from Camp 4 – Reid Wightman
- Real world backdoors on industrial devices – Ruben Santamarta
- Denial of Surface – Eireann Leverett
- Securing Critical Infrastructure – Francis Cianfrocca
Anyone from the canceled event can use code “ASDC12ENERGYSEC” for $100 off admission.
Dick Clarke is one of the most knowledgeable and profound people to talk on cyberwar that I have had the pleasure to meet. The man was asked for his opinion on who is behind Stuxnet, and he provided it. Why dismiss this as “just guesswork”? Anybody who KNOWS who is behind Stuxnet won’t (can’t) say, so this is as good as it gets. Those in the mood for dissecting the accuracy of technical detail in public statements on the worm will find much more and better material on DHS’ website and in several public statements of Sean McGurk. Dick is not an ICS security expert, and he doesn’t pretend to be one. For Sean, the situation is very much different. — The one thing in the article that made my day was the bizarre detail on Dick’s coffee machine, which made me recognize that journalists sometimes just can’t resist focusing on completely irrelevant personal detail. In one case it’s a coffee maker, in the next it’s shoes, or a rental car.