Design Con 2015
Breaking News
Comments
Newest First | Oldest First | Threaded View
Sheetal.Pandey
User Rank
Manager
Re: Tell me more
Sheetal.Pandey   1/27/2014 10:02:08 AM
NO RATINGS
People in the system are still very reluctant or hesistant to apply cyber safety policies and procedure that invloves installing a new app. Its more of a cultural issue. Its easy to take decision when it comes to physical safety but anything internet or software related there is always too much of persuasion needed.

CMathas
User Rank
Blogger
Re: Tell me more
CMathas   1/26/2014 7:21:04 PM
NO RATINGS
Other countries do have their own and there is cooperation such as CERT-to-CERT information sharing/trust building activities. There is global collaboration and there is work on enacting standards for cyber security worldwide. This is quite the growing area. There's another recent blog covering the EU putting out a Good Practice Guide for CERTs.

 

Susan Rambo
User Rank
Blogger
Re: Tell me more
Susan Rambo   1/26/2014 7:02:16 PM
NO RATINGS
Thanks! Fascinating. I know protecting SCADA from malicious attacks is a big concern. So, ICS-CERT (US Dept. of Homeland Security) doesn't want anyone around the world (this researcher was Italian) to announce a vulnerability in SCADA unless a fix/patch is available, most importantly? Do other countries have similar government bodies to ICS-CERT or is ICS-CERT a defacto agency acting for the whole world right now? Just curious about how other countries view this or if US is ahead of the curve on SCADA protections.

CMathas
User Rank
Blogger
Re: Tell me more
CMathas   1/26/2014 6:43:31 PM
NO RATINGS
Industrial Control Systems are extremely vulnerable for many reasons. Typically, companies/organizations do not have in place the amount or quality of security that is necessary. As a result, this is a division of Homeland Seurity. They put out notices when anything is found to be easily hacked, and let everyone know how to fix it or where to go to upgrade to ensure the safety of the system. I've noticed that these notiifications are coming out more often so I've decided to post some of them on an ongoign basis. Hopefully, the number of compromised systems will urge a more serious approach and also, there are some services coming on the scene to provide security. Maybe paying up front is better than paying for it when the sysem is shut down as a result of security breaches. Look for more here as they occur.

In this case, an independent researcher identified a vulnerability but didn't coordinate that informtion with NCCIC/ICS-CERT or with the vendor before stating publicly that it existed. The inference here is that not coordinating could have caused additional security breaches between the time the researcher talked about it and the time the fix was available.

Susan Rambo
User Rank
Blogger
Tell me more
Susan Rambo   1/26/2014 5:31:05 PM
NO RATINGS
Hi Carolyn, Thanks for posting these industrial control security advisories from Homeland Security. Can you explain a bit more how they work and why it was a problem for a researcher to announce he found a vulnerability before contacting Homeland Security? Or was it even a problem? I don't understand how to read this.



Top Comments of the Week
Flash Poll
Like Us on Facebook

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)
EE Life
Frankenstein's Fix, Teardowns, Sideshows, Design Contests, Reader Content & More
<b><a href=Betajet">

The Circle – The Future's Imperfect in the Present Tense
Betajet
5 comments
The Circle, a satirical, dystopian novel published in 2013 by San Francisco-based writer Dave Eggers, is about a large, very powerful technology company that combines aspects of Google, ...

Max Maxfield

Recommended Reads From the Engineer's Bookshelf
Max Maxfield
23 comments
I'm not sure if I read more than most folks or not, but I do I know that I spend quite a lot of time reading. I hate to be idle, so I always have a book or two somewhere about my person -- ...

Martin Rowe

Make This Engineering Museum a Reality
Martin Rowe
Post a comment
Vincent Valentine is a man on a mission. He wants to make the first house to ever have a telephone into a telephone museum. Without help, it may not happen.

Rich Quinnell

Making the Grade in Industrial Design
Rich Quinnell
16 comments
As every developer knows, there are the paper specifications for a product design, and then there are the real requirements. The paper specs are dry, bland, and rigidly numeric, making ...

Special Video Section
The LT8640 is a 42V, 5A synchronous step-down regulator ...
The LTC2000 high-speed DAC has low noise and excellent ...
How do you protect the load and ensure output continues to ...
General-purpose DACs have applications in instrumentation, ...
Linear Technology demonstrates its latest measurement ...
10:29
Demos from Maxim Integrated at Electronica 2014 show ...
Bosch CEO Stefan Finkbeiner shows off latest combo and ...
STMicroelectronics demoed this simple gesture control ...
Keysight shows you what signals lurk in real-time at 510MHz ...
TE Connectivity's clear-plastic, full-size model car shows ...
Why culture makes Linear Tech a winner.
Recently formed Architects of Modern Power consortium ...
Specially modified Corvette C7 Stingray responds to ex Indy ...
Avago’s ACPL-K30T is the first solid-state driver qualified ...
NXP launches its line of multi-gate, multifunction, ...
Doug Bailey, VP of marketing at Power Integrations, gives a ...
See how to ease software bring-up with DesignWare IP ...
DesignWare IP Prototyping Kits enable fast software ...
This video explores the LT3086, a new member of our LDO+ ...
In today’s modern electronic systems, the need for power ...