Editor’s Note: This article was contributed by Laura Mattson, marketing specialist.
Early in 2012 Eric Byres wrote a blog article predicting what he thought would happen in 2012 with regards to SCADA and ICS security. I went back to his blog and highlighted the four main predictions he made. Then I asked him to rate himself on each one. Read more
This is an excerpt from the Think Forward blog by Ernie Hayden at verizonbusiness.com.
In a move that may be helpful for critical infrastructure asset owners, on July 23 the Industrial Control Systems Joint Working Group (ICSJWG) published a new document on a framework for disclosing Industrial Control System (ICS) vulnerabilities.
Common Industrial Control System Vulnerability Framework
Industrial Control Systems Joint Working Group (ICSJWG), which was established by the U.S. Department of Homeland Security Control Systems Security Program, published the document – Common Industrial Control System Vulnerability Framework. The document was developed with the intention of providing consensus-based guidance to vendors and system integrators in helping them create ICS vulnerability disclosure policies. Read more
This is an excerpt from the Practical SCADA Security blog at Tofino Security.
Last week I discussed how security experts and ICS / SCADA vendors are giving up on the dream of the air gap as a viable security solution for the modern control system. Unfortunately, it is still all too easy to believe your control system is isolated.
Recently I had a very enlightening conversation with a control engineer who thought his system was air gapped. Read more
Last week I updated my air gap blog from 2011. I noted some companies (like Siemens) no longer mention air gaps. Then to keep things balanced, I added new examples of consultants that support the air gap theory. In particular, I selected this quote from Paul Ferguson at Trend Micro:
“I’ve written about SCADA issues in the past, but one issue that I’ve consistently tried to emphasize is that critical control systems should never, ever interact nor interconnect with Internet systems in any way, shape, or form. There’s a good reason for this, and it’s always been referred to as the “Air Gap” Principle.” Read more
The discovery of the Flame malware last week focused the cyber security world on the sophisticated strikes targeting energy companies in the Middle East. Although Flame’s goal was espionage rather than damaging operations as Stuxnet did, it has been seen as one more indication that the industrial world is now in the bull’s eye of clever attackers.
On the heels of Flame coverage, this week David Sanger, the Pulitzer Prize winning Washington correspondent for The New York Times, released his new book “Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power“. Up to now, many writers speculated that the U.S. and Israel collaborated on Stuxnet. This book does not speculate; it builds a strong circumstantial case that these two countries did indeed create and launch Stuxnet against Iran. Read more