Friday News and Notes
- Warning: don’t get too upset about the article in this note. GCN has a commentary indicating “the National Security Agency is making plans to take the lead in a federal initiative to monitor and protect the control and communications networks that serve the nation’s critical infrastructure.about NSA and DHS monitoring critical infrastructure control systems.” I would be amazed if NSA, DHS or anyone else in the USG truly is planning to monitor privately owned control systems. Even if they wanted to there is little evidence they could do this successfully based on past performance. (hat tip: Ty Bodell).
- SecureWorks, a managed security service provider (MSSP) that recently merged with Lurhq, issued a press release stating they have seen “90 percent increase in the number of hackers attempting to attack its utility clients this year. From January through April, SecureWorks blocked an average of 49 attackers per utility client per day. Whereas, from May through September, it saw an average of 93 hackers attempt attacks on each of its utility clients per day.” These are primarily attacks from the Internet against the corporate network. SecureWorks does monitor SCADA networks as well, and a couple of years back provided anonymized control system attack statistics to PCSF. Unfortunately no other MSSP stepped up and the effort died.
- The I3P will offer free SCADA security training prior to API’s 2nd Annual IT Security Conference on November 5th in Houston.
- If you comment on any blog entry on the site and don’t see your comment, send an email to info@digitalbond.com. Blog spam is a bigger problem than email spam, and your comment got caught in the spam filter. This usually doesn’t happen, but it did twice in September. You will only need to send an email once to get on the white list. Also, we approve all comments no matter how
wrongmuch they disagree with the post as long as they are on control system security.
Author: Dale Peterson
Posted: October 12th, 2007 under Uncategorized.
Comments: 2
Comments
Comment from Jake Brodsky
Time: October 12, 2007, 7:21 am
William Jackson’s commentary, if it turns out to be true, would be a serious security risk in and of itself. Which has more vulnerability? A bunch of diverse systems with no connections? Or one great big edifice of a network, with Big Brother watching?
Remember the spy cases in the past? Some of the biggest threats came from those who were entrusted to protect us from spying. A Centralized SCADA enables a centralized failure. Frankly, I have doubts that such thinking could work.
This idea really stinks. It would essentially become the one great big SCADA system of Everything. And they’re using the security issue to get the camel’s nose into the tent.
Comment from Julian L. Rrushi
Time: October 12, 2007, 4:25 pm
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
It is a fact that cyber security of control systems and networks is directly related to national security. Therefore, in my opinion, it is quite logical that NSA and DHS take the responsibility of monitoring and protecting them. There are side effects, of course, but the values to protect are of much higher priority.
Thanks,
Julian L. Tod Rrushi
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFHD3WF3JhHvEZ9fsERAm07AJoCcYuxL83uyyYGOaqovHai1lQR8ACeMGn0
yzjM7qgnJ4zlSOSxnUO7UhI=
=DNCJ
—–END PGP SIGNATURE—–
Write a comment