Friday News & Notes

Last week cyber security legislation failed in the US Senate. This week the Obama Administration is putting the word out that they may implement the parts he believes are critical through Executive Order. Our view is that DHS has all the authority they need to make a big difference and has failed miserably. The US Government's most intrusive effort, NERC CIP, has been generally panned with no bright future on the horizon. The legislation wasn't going to make a difference in ICS security. At this point it is foolish to expect government action, at least US government action, to make a difference on the defensive side of ICS security. Vendors, owner/operators, you are going to have to see the need and do this yourselves.

The European Network and Information Security Agency (ENISA) published a document with ten smart grid security recommendations (ht: Andy Bochman). Mostly broad statements such as develop a regulatory and policy framework, promote public/private partnerships, foster awareness raising and training initiatives, … Recommendation 7, “the EC and MS competent authorities should foster the creation of test beds and security assessments” was the most interesting. Governments creating realistic test beds is on the rise worldwide.

If you are a fan of Infographics, check out this one on Stuxnet.

A final note: we are seeing the numbers in the ICS-CERT Incident Summary widely used as evidence of a dramatic increase in cyber attacks on ICS. This is just plain wrong, and ICS-CERT should clarify this and publish the number of cyber attacks on ICS over the period in the summary. Real cyber attacks on ICS, not attacks on corporate networks that have ICS, not incidents reported that ended up not being attacks. Either do this or you are intentionally feeding the beast.



Image by TooFarNorth

1 comment to Friday News & Notes

  • Waiting for government to arrive at a solution before the problem is well understood by all sides is foolish. Representative government by definition is usually reactive. If you don’t get it, they don’t get it.

    The solution is to get in front of these agencies and explain what is needed and where. It sure feels good to bash them when they get things wrong, but ultimately that is counterproductive. How about a few indications of when they get it right?

    How about indications of where existing behaviors can be improved, without the rancor, silliness, or subterfuge of assigning motives?

    The problem is that when you step away from the front lines, things look different. We all know this intuitively. It is up to the generals and the soldiers themselves to stop howling at the moon and start talking.
