Kaspersky’s analysis found that Flame and Stuxnet had code in common according to an article in TPM. ”The code in common was used to install and propagate the malware onto computers from an infected USB stick by causing the victim’s computer to “autorun” the malware once the stick had been inserted.” This is even more interesting with the recent reporting that the US and Israel created Stuxnet. Kaspersky also said that Flame preceded Stuxnet by a couple of years.
In a related story, the Government of India has reportedly approved developing offensive cyber security capabilities according to The Register. The recent Obama/Stuxnet news will likely drive stories on offensive efforts around the world, but I believe these were already being developed in most countries prior to the latest Confront and Conceal news.
Honeywell has joined the ICS Security Consulting fray with a new Industrial IT Solutions group. They will focus on security assessments, remediation of assessment findings and managed security services. They will be vendor neutral, and I assume this means security vendor neutral not ICS vendor neutral. It does raise an interesting question. Honeywell is probably in the best position to put a Honeywell system in its optimal security posture, but will this group identify to customers flaws in the Honeywell components? And would a vendor with a Delta V or Yokogawa system hire Honeywell’s group to assess a competitor’s system? Still, customers look first to their ICS vendors so they will likely have success.
A group of about fifty people from the military services and other national security agencies met on May 30-31, at the National Defense University’s iCollege to advance the cyber security of control systems on military and government facilities worldwide. Control systems reside and play an important role on bases, posts and at other government locations. The group worked together to produce templates drawn from the National Institute of Science and Technology’s Guide 800-53 “Recommended Security Controls for Federal Information Systems” to be applied to control systems.
The Hill reported that a bi-partisan cyber security bill is making progress in the Senate. The bill is trying to set goals and incentives rather than mandates. It’s unclear whether the White House or Republican lead House will go along with a compromise.
Tweet of the Week
Worth Reading Articles
- Scores of US Firms Keep Quiet About Cyber Attacks SEC rules about reporting material cyber attacks being ignored
- Mikko’s Flame is Lame post Short article listing impressive features of Flame
- Byres’ blog Securing SCADA from APT Nice A-P-T definition and good table on new approach for APT
Critical Intelligence’s ICS Security Event Calendar Updates
- SCADA (in)Security, July 11-12 in Kuala Lumpur, Malaysia
- EnergyBiz Webinar New Approaches to Grid Security, July 19
- ISA’s Advanced Industrial Cybersecurity Training, July 23-27 in Research Triangle, North Carolina DP Note: This is a newish 5-day course from ISA. No word on the site on who the course instructor is. The focus on IPV6 makes me think of Mr. Singer.
- EnergySec Summit, Sept 25-27 in Portland, Oregon DP Note – Looking forward to this event getting back to its roots when it was one of the best of the year
- ISA’s Advanced Industrial Cybersecurity Training, Oct 22-26 in Research Triangle, North Carolina
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.
Image by milesopie