Items Tagged with "Infrastructure"
Remember Public Cellular Networks in Smart Meter Adoption
April 26, 2012 Added by:Brent Huston
ICS/SCADA owners must strive to clearly identify their needs around cellular technologies, clearly demarcate the requirements for private/segmented/public cellular network use and understand the benefits/issues and threats of what they are utilizing...
Comments (0)
Congressional Testimony Rings Cybersecurity Alarm Bells
April 25, 2012 Added by:Headlines
"Every day nations and 'hacktivist' groups penetrate our public and private computer networks. The degradation of our national security and intellectual property from cyber theft threatens to weaken us where we have been historically strong: in our ingenuity and creativity..."
Comments (0)
ICS-CERT: Social Engineering and SCADA Security
April 24, 2012 Added by:Infosec Island Admin
Social engineering attempts can be highly targeted and conducted in a way that is much more difficult to detect than the spam and phishing emails we receive in our inbox. Phone-based social engineering attempts were recently experienced at two or more power distribution companies...
Comments (0)
ICS-CERT: Siemens Simatic WINCC Multiple Vulnerabilities
April 20, 2012 Added by:Infosec Island Admin
ICS-CERT has received reports detailing several vulnerabilities in Siemens SIMATIC WinCC Human-Machine Interface application which could allow an attacker to log on to a system as a user or administrator with the ability to execute arbitrary code or obtain full access to files...
Comments (0)
ICS-CERT: Siemens Scalance X Industrial Ethernet Vulnerability
April 18, 2012 Added by:Infosec Island Admin
Exploitation of the vulnerability allows an attacker to perform malicious actions which may lead to a denial of service condition or possible arbitrary code execution. These actions may ultimately impact the process environment in which the system is deployed...
Comments (0)
NIST Workshop: Cybersecurity for Cyber-Physical Systems
April 18, 2012
On April 23 and 24, 2012, the NIST ITL Computer Security Division will host a two-day workshop about the cyber security needed for cyber-physical systems, with a focus on results of research and real-world deployment experiences. Agenda and abstracts available here...
Comments (0)
Iranian Bank Accounts Hacked: A Cyber Warfare Hypothesis
April 17, 2012 Added by:Pierluigi Paganini
Banking is a vital component of a country, it is considered in every cyber strategy as critical infrastructure. If a country is attacked so that its financial institutions fail it would produce an environment for other cyber and military operations, a typical cyberwar scenario...
Comments (0)
All the Lights Will Not Go Out in a Cyber Attack
April 17, 2012 Added by:Dan Dieterle
One of the biggest threats that you hear is that hackers could take out the power grid and all the power would be shut off. America would be thrown back to the power stone age in the flick of a switch (or a series of SCADA exploits). But is this true? The answer is no...
Comments (5)
Information Sharing and the ICS-ISAC
April 15, 2012 Added by:Chris Blask
The topic of information sharing has become one of the most interesting in finding “The Solution” to ICS security. Aspects securing industrial control systems – including timing, technology and workforce – suggest that answers lie less in technology and more in Robert’s Rules...
Comments (2)
Botnets a Growing National Security Concern
April 13, 2012 Added by:Pierluigi Paganini
There is no clear line between cybercrime and cyber warfare, and botnets are a serious threat with tremendous offensive potential. Through a botnet it is possible to attack the nerve centers of a country, and isolated attacks can target critical infrastructure...
Comments (1)
Misconceptions about Aurora: Why Isn't More Being Done
April 13, 2012 Added by:Joe Weiss
The 2007 Aurora test at the Idaho National Laboratory demonstrated that if someone can gain access to a controller, the attacker will cause physical damage. As Aurora is a gap in protection of the electric grid, one way to prevent an Aurora attack is by hardware mitigation...
Comments (0)
ICS-CERT: MICROSYS PROMOTIC Vulnerability POC
April 13, 2012 Added by:Infosec Island Admin
Researcher Luigi Auriemma identified and released proof of concept code (POC) for a use after free vulnerability in the MICROSYS, spol. s r.o. PROMOTIC application wgich may result in adverse conditions ranging from the corruption of valid data to the execution of arbitrary code...
Comments (0)
Cyber Security Legislation: What Does it Mean for Citizens?
April 12, 2012 Added by:Robert Siciliano
Members of Congress have recognized the need for increased security and introduced approximately fifty bills in the last session. The proposed legislation is focused on improving cyber security for citizens, critical infrastructure, and the Federal Government’s own networks...
Comments (1)
ICS-CERT: 3S-Software CoDeSys Improper Access Control
April 10, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report of improper access control vulnerability affecting 3S-Software CoDeSys which could allow an attacker can upload unauthenticated configuration changes to the PLC which may include arbitrary code...
Comments (0)
Video: Cyber Security for Smart Energy Systems
April 09, 2012
Chris Wysopal discusses why it is so important to the power grid to write secure code for software, how computer intrusion methods have changed in over past two decades, the impact of data breaches on modern organizations, and the necessity for thorough testing prior to launch...
Comments (0)
Meetings with DOD and Congress on SCADA Security
April 09, 2012 Added by:Joe Weiss
I was asked by DOD how to get an organization to address OT security. The only chance for OT security to succeed is if senior management drives it. There are only a few utilities whose senior management mandated they be secure not just compliant. What a sorry commentary...