Friday News & Notes

ICS Security News

For the second week we have a story that dwarfed all others and led to a flurry of mainstream press interest — of course it is Mandiant’s Whitepaper on APT1. The related inside-baseball story I’m waiting for is how much all of this has been coordinated with the USG, Mandiant and NY Times. Coordination isn’t bad or wrong in a pursuit of a goal, and this whitepaper following on the heels of the Executive Order couldn’t be better timed for the Obama administration.

Like most in this industry, I was hit up by a lot of press requests for comment. Being a target of APT1 hardly makes me or anyone at Digital Bond experts on that threat agent. I tried to use the opportunity to get the focus on the need to upgrade or replace the insecure-by-design critical infrastructure ICS. I also tried to highlight the danger of remote connections into ICS as demonstrated by the Telvent hack.

An important story that didn’t get enough attention is ISA100 giving up the effort to converge the two big DCS wireless standards: ISA100 and WirelessHART. The effort probably started too late to succeed. The problem wasn’t converging security. Both protocols actually have very similar authentication and encryption algorithms and approaches. Full credit to Walt Boyes and ControlGlobal for some hard-nosed reporting on this issue over the past couple of years.

NIST has put up a web page for the development of the Cybersecurity Framework required in last week’s Executive Order Improving Critical Infrastructure Security. The date for the initial workshop is still listed as TBD.

An Apple-type store for ICS applications? Inductive Automation announced the opening of Ignition Module Marketplace at the ARC Forum. “The ability to instantly buy modules and share modules with the simplicity of an ‘app store’ experience will be revolutionary for our users,” said Hechtman.

Pike Research covers Toshiba’s acquisition of Consert and how this will increase its smart grid portfolio, particularly in the area of demand response.

Tweet of the Week

Couldn’t pick just one APT1 tweet

"If China wants respect abroad, it must rein in its hackers," says @. We did it; got the message through! http://t.co/mwUBPWyfKk
@taosecurity
Richard Bejtlich

or

http://t.co/onRwSsVVJa having a Tsingtao, the official beer of #APT1
@ReverseICS
K. Reid Wightman

or

For the record, we had nothing to do with the amateur hack job on http://t.co/X7HLBjJj2a. Maybe APT13 or 14.
@Commentcrew
Comment Crew

Don’t forget to subscribe to this blog’s RSS feed and follow @digitalbond.com on Twitter.


Worth Reading Articles

Critical Intelligence’s ICS Security Event Calendar Updates

Nothing new this week.

Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by chrisinplymouth

1 comment to Friday News & Notes

  • The ISA-100 divergence comes as no surprise to me. This is nothing but a wireless replay of the infamous Fieldbus wars from over 20 years ago.

    Furthermore, there isn’t much in the way of network integrity monitoring. So when things stop talking, nobody knows why it is happening. This is important from a security standpoint because something as silly as a few wireless video cameras can bollix up these networks very nicely.

    I am very annoyed and appalled that the test equipment for media seems to lag so far behind the implementation. Once again, look at what happened with Profibus, Fieldbus, and many other transport systems. There was no commonly available test equipment for YEARS after products had been built and installed on plants.

    This makes it very difficult to diagnose a media problem and to know that it is or is not an attack. We are repeating mistakes from a generation before. It would seem that we haven’t learned a damned thing.