Friday News & Notes

ICS Security News

Emerson announced that DeltaV DCS deployments will support virtualization in April 2013. They also highlighted the “Smart Firewall”, which sounds very similar to the Honeywell CF9 approach. Basically, it blocks everything but the DeltaV-required protocols out of the box. The simplicity allows a technician to deploy the firewall. Finally, the Next Generation Web Server will provide real-time process data to external users on the corporate network or even the Internet. Hopefully they have been working with a one-way data diode company to support the push from the DeltaV Event Chronicle or Continuous Historian to this NextGen Web Server. The details matter, of course, but this is all good news for DeltaV users.

Infamous SCADA vuln hunter Luigi Auriemma has partnered with Donato Ferrante to found a new company called [Re]Vuln. They will perform a variety of consulting services and are selling a 0-day feed for vulns they discover and a 1-day feed for analyzing vulns others discover. It will be interesting to compare the 1-day feed for ICS vulns to the ICS-CERT analysis. The impetus for this new company stems from Luigi’s bad experience with the ZDI.

US Secretary of Defense Leon Panetta gave a speech entitled “Defending the Nation From Cyber Attack”. He has a succinct description of the impact of an attack on critical infrastructure ICS, but other than that there was not much to like. He continues the baffling government policy of playing down the fact that the systems are insecure by design and need to be upgraded or replaced. All the cyber warriors, new government structures and information sharing won’t change that. He also sidles by the issue of US Gov offensive capabilities, but this is probably wise and not unexpected.

The September ICS-CERT Monthly Monitor is out to the general public now. The most important item is that ICS-CERT is now a CVE Numbering Authority, so the delay between ICS Alerts and Advisories and assigned CVE numbers is eliminated. This will help owner/operators’ security patch management programs. Other than that it is a bit dull.

Jim Gilsinn is leaving NIST and joining Kenexis. Jim has been very active in the ISA99 standards process including writing a large part of a number of the standards. I’d imagine that will continue with Kenexis. Good luck Jim.

Joel Langill writes about GLEG’s latest release of the SCADA+ pack of exploits for Immunity’s CANVAS exploit framework. The most interesting is an FTPD denial of service module for the QNX operating system.

Nextgov reports that a panel urged US DHS to “create a reserve cadre of cyber experts”. The idea is it would be like a National Guard that could be called on when required. Interesting idea, but I wonder what kind of talent would make a National Guard type commitment to come whenever called. A voluntary reserve cadre could be quite effective because many in the ICS security space have wanted to know how they can help.

Finally, I’m sad to announce that Reid Wightman is leaving Digital Bond to join ioActive. As loyal blog readers know, he is immensely talented and was the driving force behind Project Basecamp. In the last year, ioActive has put together an impressive group of advanced ICS security researchers, and it should be interesting to watch. Best of luck, Reid, and stay in touch as one of the many talented Digital Bond alumni.




Image by Steve Snodgrass

1 comment to Friday News & Notes

  • I just wanted to clarify a note above regarding Emerson’s “Smart Firewall”. Emerson has had for a number of years a device called the “Controller Firewall” which is really more in line with Honeywell’s CF9 – unfortunately, they really have not been pushing this product so there are not a lot installed and consider it “optional”. It is based on the Hirschmann Eagle industrial firewall (not the Eagle 20 which is a more advanced version developed by Byres Security that includes deep-packet inspection capabilities).

    The new “Smart Firewall” is actually more like a traditional Unified Threat Management (UTM) appliance that one would typically install on the conduit between the Control, DMZ and Enterprise zones of their ICS architecture. This new appliance should be a nice addition to the DeltaV portfolio, and will be able to be updated with the latest threat signatures via their standard Guardian support program.

    Last I heard, Emerson was planning to rely on Wurldtech to assist with the threat management aspect of the appliance. This will be interesting to see how that evolves, and represents a somewhat new space for the folks at Wurldtech.
