Friday News & Notes

ICS Security News

Industrial Defender announced another industry partnership to provide their security products and services to an ICS vendor — this time with Telvent. As mentioned in an earlier article, the key factor in determining if this is truly pushing security to customers or just marketing buzz is ID’s headcount growth. According to company sources “Industrial Defender has grown our workforce over 25% in the last year. To support our expanding OEM relationships we have added new staff in R&D, Engineering, Product Management, and Professional Services.”

A draft of ISA-62443-2-1 IACS Management System is available for review. One of the key issues with this draft is the overlap with ISO/IEC 27001/27002 – that is not the approach preferred by ISO and SC27. This is likely to be an important topic at the meeting in Rome at the end of October.

Joel Langill has an updated “Ultimate Library” page for ICS Security Resources that is chock full of useful links.

Elinor Mills writes about malware found on new PC’s purchased in China. This matches our experience. We have even found crack keygen files left on the new systems. Increasingly new does not mean clean.

Andrew Ginter tries to make the case that unidirectional has an equivalent or lesser total cost of ownership to a firewall for perimeter security. While we find ourselves increasingly pushing customers to unidirectional, I’m not buying Andrew’s cost argument. What is missing is the cost to migrate all the two-way communication to one-way communication, including changing all the user processes.

The European Union made CERT-EU permanent this week. We will have to get more info on whether there is an ICS section and how it will interoperate with the European countries’ national CERTs.

Pot – Kettle – Black. According to Reuters a top US cybersecurity official said “other nations are increasingly employing cyber attacks without ‘any sense of restraint’, citing “reckless” behaviors that neither the United States nor the Soviet Union would have dared at the height of Cold War tensions.”



Worth Reading Articles

I think I need to loosen up my Worth Reading filter a bit.

Critical Intelligence’s ICS Security Event Calendar Updates

Nothing new this week

Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.



  1. says

    Though I agree with Dale that there are additional costs associated with the change, I have spoken to customers who have done the move, and they can confirm these estimates and ROI calculations are real!

    One thing that offsets Dale’s point is that this assumes that all existing firewall configurations, policies, and internal processes are acceptable and pass a reasonable security validation. This is typically NOT the case, and when you consider the costs of remediating weak firewall implementations, these costs begin to offset one another.

    If you consider that the initial installation was “perfect”, then Dale has a good point. This would only be an initial CapEx cost, and would extend the ROI period out a bit. However, when you look at a typical ICS lifecycle and the total cost of ownership (TCO) calcs, unidirectional technologies still prevail as a lower cost solution.

  2. says

    Regarding CERT-EU: they don’t have an ICS section yet, but ENISA has advised the EU to deploy an ICS-CERT, so I think that will be just a matter of time.

  3. Chris Sistrunk says

    Thanks for keeping up the one-stop-shopping reference library, Joel. I have had it bookmarked for quite a while now.

  4. says

    Hey Dale – thanks for the mention.

    Re: cost to migrate - if you are referring to migrating away from VNC/Rdesktop/Citrix type remote access, yes there are processes to change. In my experience such remote access is used extensively in chemical plants and, you’re right, should have been mentioned in my article where I use chemical plants as an example. In other industries such as power generation and water systems though, we see remote access used much less routinely and we have remote access solutions which are sold as part of the one-way product suite and are included in my “typical project” estimates.

    But if your two-way to one-way migration refers to replacing two-way firewalls with one-way hardware and the associated server replication software, I disagree. All such labour costs are included in my typical project cost numbers. Most often, replica servers are plug-and-play compatible with the originals. End users see no difference – no procedures need to change.

  5. Jim Gilsinn says

    Thanks for calling out the ISA-62443-2-1 draft. We’ve actually been working with members of ISO SC27 in the development of our draft, so we are hoping that things go well. We understand that it is different from all the other sector-specific modifications. It turns out that we’ve actually caught some mistakes in the 2005 version of 27001 that are being fixed in the next draft.
