The US Dept of Homeland Security had another reorganization. The Control Systems Security Program is now under the National Cybersecurity and Communications Integration Center (NCCIC).
This was new to me: Justin Searle of UtiliSec has a two-day course, Pentesting Smart Grid and SCADA. He is teaching it at Black Hat Abu Dhabi. There is a growing, rich set of ICS security training opportunities.
A Federal News Radio poll asked participants for the top US Government cybersecurity accomplishments from 2006 to present. In many ways the list is underwhelming, but a number of countries are trying to emulate the US effort, particularly with things like a national SCADA testbed and ICS security training.
Experts went back and forth this week on who was behind the Aramco attack. Bloomberg argues against Iran and for a lone perpetrator.
More news on the Wurldtech certification front: Siemens Smart Grid Division received Achilles Practice Certification. This is the cert that originated from the Wurldtech/Shell/WIB effort.
The critical infrastructure cyber security track at the IPA Forum in Tokyo drew a capacity crowd of ~300 people. They actually had to turn people away. With the push by METI, ICS security efforts and interest in Japan have jumped up a big step. It was actually exciting to be there, like the early days of PCSF.

Worth Reading Articles
- Brian Krebs’ “Service Sells Access to Fortune 500 Firms”. DP note: more evidence that your corporate network is compromised.
Critical Intelligence’s ICS Security Event Calendar Updates
Nothing new this week
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.
Image by addedentry









w.r.t. the Worth Reading article, I wonder what the ethics are of buying time on their service to determine if your network is affected and then using that knowledge to shut them out (if only temporarily). It seems a fairly cheap way of determining if your network security is totally broken.
In the day, “don’t key a radio while in the rack room” was basic training for technicians. We even had signs on the doors.
In this era of cell phones I wonder if the practice has long since faded away. Folks barely comply with switching off phones at takeoff.