Of course the big story was President Obama’s Executive Order Improving Critical Infrastructure Cybersecurity, with the key elements being information sharing and the development of the cybersecurity framework. The biggest potential impact is a possible future move to make the framework mandatory under some new regulation or envisioned executive authority (Section 10). The EO is not a bad thing, but I’ve believed for some time that the biggest impact on securing critical infrastructure ICS would be a more forthright effort by DHS to educate the USG, asset owners and vendors on the insecure-by-design issues in the ICS. I’ll try to write more on this next week.
Pathetic scaremongering from DHS Secretary Napolitano that the sequestration (mandatory budget cuts) could “significantly scale back cyber security infrastructure protections that have been developed in recent years”. DHS has had little impact on securing the critical infrastructure over the last ten years, so not a lot will be lost by a 7.6% budget cut. And if it is such a serious issue, why would they cut there? That part of DHS is a very tiny slice.
The Department of Energy will award $20M for the development of ICS cybersecurity tools. This is the same organization that funded Bandolier, and they tend to pick projects that meet objectives in the Energy Sector Roadmap.
Worth Reading Articles
- NSA’s Building A National Program for Cybersecurity Science, HT: Zach Tudor
- Cylance Inside the Exploit: Philips XPER Vulnerability
- Center for a New American Security Assessing The New Executive Order
- Cyber Pacificists Reversing an Ebay’d RTU
Critical Intelligence’s ICS Security Event Calendar Updates
- 1st International Symposium for ICS & SCADA Cyber Security, 16-18 Sept in Leicester, UK
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.
Image by chrisinplymouth