Friday News & Notes

ICS Security News

REMINDER – S4 General Registration Opens on October 24th. See The Agenda Here.

Kaspersky’s announcement of a new secure SCADA OS was the buzz story of the week. It’s an ambitious effort with low likelihood of impact on SCADA and DCS for a variety of reasons. I do like the discussion of reducing the attack surface and would recommend vendors look at supporting Microsoft’s Server Core. A few ICS vendors support installations on Server Core. (DP Note – while I think Kaspersky’s attempt is a long shot, so is Project Basecamp. Nothing wrong with taking a shot if you believe in it and think it’s important … and the next Basecamp release comes out Thursday morning)

A significant number and variety of Siemens PLC modules have received Achilles Level 2 certification. This means the modules survived quite rigorous fuzz testing; they are unlikely to go down when scanned or when spurious traffic appears on the network. It means they are less fragile, but they are still insecure by design. An interesting note on this is that Wurldtech named Siemens CERT an accredited Achilles test facility, so these were self-certifications.

In other Wurldtech certification news, Yokogawa received the Achilles Practices Certification which covers the overall vendor security development lifecycle. This certification was an outgrowth of Wurldtech’s close relationship with Shell and a derivative of this has been submitted to IEC for consideration as a draft standard.

Rita Wells of INL has been appointed to the 15-member DHS Advisory Council Task Force on Cyberskills. Other members are listed in Appendix B of this link (pdf).

If you want more viewpoints on cybersecurity legislation and the necessary USG activity, check out the NY Times Room For Debate page. Mike Assante is included to represent the control system space.

A new book is out – Safeguarding Infrastructure Assets from Cyber-terrorism: Measuring and Protecting SCADA systems from Cyber-terrorists in Australia. I’m hesitant to spend $111 and time until we see a few credible reviews. Do any Australian readers know the author and his experience in this area?

Computerworld covers the growing medical systems hacking story, in which Barnaby Jack of IOActive demonstrated he could cause a pacemaker to deliver a deadly 830 volt jolt from 50 feet away. From the article — “the flaw lies with the programming of the wireless transmitters used to give instructions to pacemakers and implantable cardioverter-defibrillators (ICDs), which detect irregular heart contractions and deliver an electric shock to avert a heart attack.”

Tweet of the Week

(Embedded tweet 258936921588375552; the tweet text was not captured on this page.)

Don’t forget to subscribe to this blog’s RSS feed and follow @digitalbond.com on Twitter.



Critical Intelligence’s ICS Security Event Calendar Updates

  • EnergySec’s NERC CIP Compliance Training, Dec 4 in Sacramento, California
  • Cyber Security and Information Intelligence Research Workshop (CSIIR), Jan 8-10 in Oak Ridge, Tennessee

Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by mcalamelli

4 comments to Friday News & Notes

  • Bryan Owen

    Ironically the big story on Server Core is reduced patching.

    This isn’t the only case where security posture and economics align. To be fair, losing the GUI was expert friendly.

    Pick Core at install time was the main detractor. Windows 2012 eliminates this issue. Integrators can add the GUI for servicing then remove when returning to production service.

    After burn-in as the hypervisor, it’s fair to say Core is solid and ready for prime time.
    http://www.commoncriteriaportal.org/files/epfiles/0755a_pdf.pdf

    Time for owners to request ISVs in the critical infrastructure space to support Server Core.

  • In reference to Dale’s note on the “CyberSkills Task Force Report” and the appointment of Rita Wells … I only have to say how disappointed I am in yet another fed document released with little to no input or contribution from the ICS community. No SMEs were selected from the ICS community, and what little coverage we get seems to be focused entirely on a single sector – which in fact is very different from most other sectors.

    I only remain hopeful that someday, DHS will realize how extensive the ICS community is, and until they get input from the wide range of entities within this space, will they truly understand the magnitude of the problem facing this community and what it will take to begin to improve it.

    Stay secure …

  • Thanks Dale for the updates. I wanted to provide one correction to your article. While Wurldtech has provided Siemens with the ability to test their products within their own lab, all data is sent to Wurldtech to be reviewed by our engineers. It is not until we have approved the test results that they receive certification. This process enables manufacturers such as Siemens to test and improve their products while they are still in the lab, shortening the time to market for new, more robust products.
