The US Securities and Exchange Commission (SEC) is starting to crack down on cyber incident and cyber risk disclosures. It recently sent letters to six companies, including Eastman Chemical, asking for more information. This is the type of activity that gets C-level attention because C-level executives are responsible for SEC disclosures.
Justin W. Clarke found another backdoor account in ICS network infrastructure equipment, this time in the GarrettCom Management Software. It appears to require login with an established account before the administrative-level account with the hard-coded password can be used. A patch from the vendor is available.
INL announced their Sophia Tool, which identifies new communication on the network. It trains to learn what communication is normal and then alerts when a new source/destination/port combination occurs. The concept is good because SCADA and DCS communication is static compared to a corporate network. It’s not particularly novel, as Tenable’s Security Center, WhatsUp Gold’s FlowPublisher, and many other tools do this today. I continue to be baffled as to why INL competes with industry. That said, if INL makes this available at no or low cost to owner/operators, it’s worth a look.
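The learn-then-alert idea described above, as an added Python sketch that is not Sophia's code or any vendor's implementation. The flow line format, the function names, and the choice to ignore the client's source port are assumptions made for this illustration, and the sample flows are constructed.

```python
# Constructed sample flows; addresses and ports are illustrative only.
TRAINING = """\
10.0.1.10:49152 -> 10.0.1.20:502 tcp
10.0.1.10:49153 -> 10.0.1.20:502 tcp
10.0.1.11:51000 -> 10.0.1.21:20000 tcp
"""
LIVE = """\
10.0.1.10:50111 -> 10.0.1.20:502 tcp
10.0.1.10:50112 -> 10.0.1.20:23 tcp
10.0.1.99:40000 -> 10.0.1.20:502 tcp
10.0.1.11:51001 -> 10.0.1.20:502 tcp
10.0.1.99:40001 -> 10.0.1.20:502 tcp
"""

def parse(line):
    """Return (src_ip, dst_ip, dst_port, proto). The client's ephemeral
    source port is dropped so every new session is not a 'new' flow."""
    left, _, right = line.partition(" -> ")
    dst, proto = right.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return (left.rsplit(":", 1)[0], dst_ip, int(dst_port), proto)

def learn(text):
    """Training phase: every combination seen becomes part of the baseline."""
    return {parse(l) for l in text.splitlines() if l.strip()}

def detect(baseline, text):
    """Alert once per combination absent from the baseline, with a triage reason."""
    hosts = {h for s, d, _, _ in baseline for h in (s, d)}
    pairs = {(s, d) for s, d, _, _ in baseline}
    seen, alerts = set(), []
    for line in filter(str.strip, text.splitlines()):
        flow = parse(line)
        if flow in baseline or flow in seen:
            continue
        seen.add(flow)  # suppress repeat alerts for the same combination
        src, dst = flow[0], flow[1]
        if src not in hosts or dst not in hosts:
            reason = "new host"
        elif (src, dst) not in pairs:
            reason = "new host pair"
        else:
            reason = "new port on known pair"
        alerts.append((reason, flow))
    return alerts

if __name__ == "__main__":
    for reason, flow in detect(learn(TRAINING), LIVE):
        print(f"ALERT {reason}: {flow}")
```

Because the baseline is whatever was on the wire during training, anything unwanted that was already communicating then is learned as normal, so the training capture needs review before it is trusted.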
Reading the tea leaves, it looks like President Obama will issue an Executive Order or Presidential Directive on Critical Infrastructure Cyber Security prior to the election. His team hinted at this a few weeks ago, and now Senator Feinstein has urged him to do this. Politically for the President there is upside in being viewed as taking action on Critical Infrastructure Cybersecurity where Congress failed, and there is little downside. And President Obama has not been hesitant to use Executive Orders. What will be in the Executive Order is tougher to predict.
And on the other side, cybersecurity has made it into the Republican Party Platform. Their assertion that the best way to improve critical infrastructure cybersecurity is to pass laws to allow information sharing is laughable. I still contend that DHS and other government agencies have every authority they need to demonstrate the massive insecure-by-design issues in SCADA and DCS. They just need to take off the gloves and prepare for a lot of vendors and owner/operators to look bad and be angry.
Qatar’s RasGas has now been hit with a malware attack. The malware, size and scope are not yet publicly known. It is interesting how quickly RasGas announced that the ICS and operations are unaffected. As noted in an earlier article this week, unaffected may not mean that the malware did not spread to the ICS.
If you are interested in the security of rail ICS, consider attending the American Public Transportation Association’s Webinar: Cyber Security of Control and Communications Systems for Rail Transit – Scope and Application for APTA Standards on Sept 13th. Dave Teumim and a few others have been slogging away at trying to gain momentum for cybersecurity in this sector. The webinar will go over the Recommended Practices that APTA has been developing.