Items Tagged with "Infrastructure"
ICS-CERT: From the Trenches - A Tabletop Exercise
May 22, 2012 Added by:Infosec Island Admin
Incident response is critical. During a real incident, you don’t want to discover major gaps in policy/procedure and/or technology tools. The collaboration that occurs during the exercise helps to understand the roles and responsibilities that each of us have during cyber attacks...
Comments (0)
Former DHS Director Sean Paul McGurk Joins ICS ISAC
May 22, 2012 Added by:Headlines
Malware such as Stuxnet and Duqu have led to the recognition of broader systemic vulnerabilities within critical infrastructure which until recently have been largely disconnected. Addressing the resiliency of these systems must occur at technical, organizational and policy levels...
Comments (0)
Protecting SCADA Systems with Air Gaps is a Myth
May 21, 2012 Added by:Headlines
Speaking at AusCERT, SCADA security expert Eric Byres stated that “the whole concept of trying to protect SCADA systems with air gaps is a myth" perpetuated by those who believe "bad things will never happen to the control systems..."
Comments (2)
ICS-CERT: Advantech ISSymbol ActiveX Buffer Overflow
May 21, 2012 Added by:Infosec Island Admin
Researchers have identified multiple buffer overflow vulnerabilities in the Advantech Studio product that could allow an attacker to cause buffer overflows, which in turn can allow arbitrary execution code. An exploit code is known to exist that targets these vulnerabilities...
Comments (0)
SCADA Security: Consequences and Difficulty with Incentives
May 19, 2012 Added by:Rafal Los
Here's the problem - when it comes to critical infrastructure protection it's very difficult to legislate and regulate the organizations that matter into a state of better security. The problem is that in order to enforce policy and rules there either have to be consequences to failing, or incentives not to fail - or both...
Comments (0)
Kaspersky Warns of Critical Infrastructure Vulnerabilities
May 18, 2012 Added by:Headlines
“It’s not possible to protect. Stuxnet told us that modern systems are not protected... SCADA could be very easy victims – the result of an attack could be like Stuxnet but everywhere... [We] need to understand the danger of cyber-weapons and of cyber-war to ruin national infrastructure..."
Comments (0)
ICS-CERT: Wonderware Unicode String Vulnerability
May 17, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report identifying an unallocated Unicode string vulnerability with proof-of-concept exploit code that affects the Invensys Wonderware SuiteLink service which could allow an attacker to remotely crash older versions of the service...
Comments (0)
Smart Grid Security: An Inside View from Patrick C. Miller
May 17, 2012 Added by:Larry Karisny
A March survey revealed that two-thirds energy security professionals think smart-grid projects do not adequately deal with security threats. Larry Karisny interviewed Patrick C. Miller, president and CEO of EnergySec, about the survey and the subject of smart-grid security...
Comments (0)
Dutch MoD Innovation Competition 2012: CYBER Operations 2.0
May 16, 2012 Added by:Matthijs R. Koot
The Dutch Ministry of Defense's (MoD) annually issues a "Defense Innovation Competition" is a competition that is intended to get input from and foster relations with Dutch industry and SME. This year's theme is "CYBER Operations 2.0"...
Comments (0)
No National 'Stand Your Cyberground' Law Please
May 14, 2012 Added by:William Mcborrough
We know that some attacks on our privately owned critical infrastructure have been attributed to foreign government networks. Would it be wise to license companies to attack these networks? The last thing we need is an international incident started by some SysAdmin..
Comments (0)
ICS-CERT: Risk Management for the Electricity Sector
May 14, 2012 Added by:Infosec Island Admin
The DOE collaborated with the NIST and NERC to release a second draft of the Electricity Sector Cybersecurity Risk Management Process guideline, designed with the idea that cybersecurity risk management should be driven by the business needs of the company...
Comments (0)
ICS-CERT: WellinTech KingSCADA Insecure Password Encryption
May 10, 2012 Added by:Infosec Island Admin
Researchers Alexandr Polyakov and Alexey Sintsov from DSecRG identified an unsecure password encryption vulnerability in WellinTech KingSCADA application. When KingSCADA OPCServer and OPCClient are not on the same node, a remote attacker may obtain passwords to the system...
Comments (0)
Join ICS-CERT on the US-CERT Secure Portal
May 09, 2012 Added by:Infosec Island Admin
One of the best kept secrets in the critical infrastructure world is the US-CERT secure portal, a web-based platform that provides a mechanism for secure, unclassified information exchange between government agencies and the private sector asset owners and operators...
Comments (0)
ICS-CERT: Planning for a Cyber Incident?
May 08, 2012 Added by:Infosec Island Admin
Organizations without an existing incident response capability should consider establishing one. To aid control systems owners and operators, the CSSP has prepared a Recommended Practice: Developing an Industrial Control Systems Cybersecurity Incident Response Capability...
Comments (0)
DHS: National Preparedness Report and Cybersecurity
May 08, 2012
Cyber attacks have increased significantly in number and sophistication resulting in the Federal Government and private sector partners expanding their cybersecurity efforts. US-CERT reported an over 650-percent increase in the number of incidents reported by federal agencies...
Comments (0)
US Gas Pipeline Companies Under Major Cyber Attack
May 07, 2012 Added by:Headlines
“Analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign from a single source. It goes on to broadly describe a sophisticated 'spear-phishing' campaign..."
Comments (0)
Your Own Private Island
December 24, 2011Coming Soon! Build your own Island right here!
Make your home Infosec Island with your own private vanity URL, design options and private network of followers.
Infosec Island v2
December 24, 2011The latest version of Infosec Island is now available. There are more content options and more ways to connect and interact with your peers.
Thanks to everyone for a great year, and we're looking forward to an excellent 2012!