DHS ICSJWG is starting a new Standards subgroup “to identify current industrial control systems security standards that exist, assess and evaluate a relevant set of baseline control systems standard requirements, and create and maintain a catalog of timely and actionable control systems cybersecurity requirements for use by standards development organizations.”
A timely example this week of an ICS vendor doing a great job of actually fixing and disclosing a vulnerability. Read the comment from Emerson’s Jeff Potter on the Chemical Facility Security News blog. Joel Langill found a vuln in the DeltaV MD series controller. Emerson investigated and self-reported that the same vuln was in the SD series. Emerson sells a firewall that blocks this attack, but rather than say “buy our firewall” (subtle jab at Honeywell? and the Siemens approach), they fixed the problem. Nice job, Emerson.
Samuel Linares has put together a team to form Centro de Ciberseguridad Industrial, a non-profit aimed at improving ICS security in Spain and Latin America. Obviously the content is in Spanish, and a good Spanish-language ICS security site is helpful.
OWASP started a SCADA Security Project page on March 1st. Not much info on the page yet except that Andrey Komarov is listed as the Project Leader.
First there was the Chertoff Group. Now we have former DHS Secretary Tom Ridge and former White House Cyber Czar Howard Schmidt forming Ridge Schmidt Cyber LLC.
DHS is ten years old. A Senate Hearing this week, A Progress Report on Management, was postponed.
Worth Reading Articles
- For Those Who Can’t Get Enough of Stuxnet, The Institute for Science and International Security’s Basic Attack Strategy of Stuxnet 0.5
Critical Intelligence’s ICS Security Event Calendar Updates
- DakotaCon training: Pen Testing for the Electric Utilities Industry, March 22-24 in Madison, South Dakota
- SANS SCADA Training includes courses from Red Tiger and UtiliSec, June 11-15 in Houston, Texas
- TCIPG Summer School, June 17-21 in St. Charles, Illinois
- Red Tiger training at Black Hat: Attacking, Defending and Building SCADA Systems, July 27-28 and July 29-30 in Las Vegas, Nevada. Note: Jonathan’s Black Hat courses sell out every year.
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.
Image by chrisinplymouth