Friday News & Notes

Kelly Jackson Higgins has a Worth Reading article on ICS-CERT. The common line of defense of ICS-CERT is that a CERT only does coordination, and we should not expect more. I’m glad that Kelly included ICS-CERT’s mission verbatim in the article. What really has happened is the DHS Control System Security Program (CSSP) brand has been converted to ICS-CERT. This is why you had the CSSP Year in Review 2011 renamed the ICS-CERT Year in Review 2012. ICS-CERT is the public arm for DHS on all things ICS security. Loyal readers know I’ve covered my thoughts on DHS and ICS-CERT in detail the last two weeks (here, here and here).

Results from Kyle Wilhoit’s high-interaction (realistic) SCADA honeynet were presented at BlackHat EU this week. Corelan writes up the details. Most interesting are the 17 different attacks, including some that used Modbus TCP to modify the process, such as modifying the pump pressure and modifying the temperature output. BlackHat has posted his presentation.

Mark Weatherford announced he was leaving his position as DHS Under Secretary for Cybersecurity to join the Chertoff Group. He was there even less than the two-year norm for a DHS cyber position. Bruce McConnell will be Acting Under Secretary until a successor is named.

Continuing on the job front, there was an interesting job posting this week for the NIST Director, Smart Grid and Cyber-Physical Systems.


Worth Reading Articles

Critical Intelligence’s ICS Security Event Calendar Updates

Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by chrisinplymouth

3 comments to Friday News & Notes

  • We really need to start differentiating when attacks originate from a Tor exit node. It would certainly help highlight that malicious actors can look like anyone they want when perpetrating attacks.

  • Jacob Kitchel

    Malicious attackers don’t need a Tor exit node to look like anyone they want.

  • Michael Toecker

    If the argument showing that Chinese IPs may not equal Chinese People can be made with something as obvious as Tor, make the argument.
