Friday News & Notes

ICS Security News

The big item of the week was Saudi Aramco cutting itself off from the Internet due to a malware incident. According to ICS-CERT, this would be an ICS cyber incident whether it affected their control systems or not because they run a control system. An article is percolating somewhere in my brain about the false statistics showing an increase in quantity of cyber attacks on ICS, but a likely increase in the quality and preparation of offensive capabilities on ICS. The only statistical evidence to date is an increase in disclosed ICS vulnerabilities (due to more researchers/hackers trying) and increase in identifying Internet connected control systems.

Are CFATS days numbered? It’s been an unsuccessful effort that has received almost automatic renewals, but now the political winds seem to be shifting according to Patrick Coyle. This may not be a bad thing. Maybe scrapping it and starting over has a better chance of success, and why waste continued time and money on a failed effort? The question is whether CFATS is better than nothing.

Invensys announced more virtualization options for their Foxboro and Triconex lines. Great to see as it makes recovery, security updates, and rollback faster and less risky.



Critical Intelligence’s ICS Security Event Calendar Updates

Nothing new this week

Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by auntjojo

6 comments to Friday News & Notes

  • I’m much more cynical than Dale regarding Invensys’s ‘new’ virtualization lineup.

    In this case, I see virtualization enabling the same 1990s era code base on modern computing hardware. For years now, Invensys Foxboro must run on a single core, and is incapable of running on multicore systems (the future of computing). Other cores must be disabled via BIOS or boot.ini before installing the product. Every new product release is a rehash of the same basic codebase, some UI and graphics improvements, and varied kludges to make old code work on new systems.

    And using VMWare, Invensys can simply set the VM to only use a single core, once again shoehorning this mess into modern hardware.

    I’m not even going to comment on the “accessible worldwide via terminal services” quote.


  • Sihoko

    Though virtualization has many advantages, there is also a drawback, one that also faces the Invensys implementation. This is the use of thin clients. Thin clients require us to open RDP over the network, a well-known source of security issues.

    Time will tell what the balance between real and virtual systems with regard to security will be. For now I would say that the most important contribution is a life cycle extension. The dependency on a particular hardware platform becomes less, so legacy OS can still run on new hardware. And yes these legacy systems will pose new security challenges, requiring additional security measures.

  • Jake Brodsky

    Mike, I’d be happier if Invensys were more interested in hosting their software on a more diverse set of OS platforms besides just Windows. Virtualizing the same old crappy software may improve recovery and backup efforts, but it doesn’t do a damned thing to improve stability and performance.

    Sihoko, you’re absolutely right, RDP is a huge issue. Thankfully, with virtualization, one can roll out a patch much more easily and if things are unstable, roll things back. Nevertheless, Invensys needs to do a lot to improve their patch and security stance.

  • Sihoko

    Jake, why would the roll out of a patch be more easy? Is it the reduced risk (easy / fast recovery) or is there another reason? Reboot of the VM would still be required.

  • Jake Brodsky

    Sihoko, there is one key thing that we used to have to do in the past, that you left out here: Restore a backup.

    With virtualized platforms, one can set a checkpoint, and revert to that checkpoint if needed. Any changes that were made to the OS, such as obscure registry changes, are reverted as well. Restoring full disk images is time-consuming. Reverting to a checkpoint is actually pretty rapid.

  • Fellas,

    More details on Virtualization from Foxboro/Invensys’s YouTube channel.

