Breaking News
Comments
Newest First | Oldest First | Threaded View
Sheetal.Pandey
User Rank
Manager
Re: Tell me more
Sheetal.Pandey   1/27/2014 10:02:08 AM
NO RATINGS
People in the system are still very reluctant or hesistant to apply cyber safety policies and procedure that invloves installing a new app. Its more of a cultural issue. Its easy to take decision when it comes to physical safety but anything internet or software related there is always too much of persuasion needed.

CMathas
User Rank
Blogger
Re: Tell me more
CMathas   1/26/2014 7:21:04 PM
NO RATINGS
Other countries do have their own and there is cooperation such as CERT-to-CERT information sharing/trust building activities. There is global collaboration and there is work on enacting standards for cyber security worldwide. This is quite the growing area. There's another recent blog covering the EU putting out a Good Practice Guide for CERTs.

 

Susan Rambo
User Rank
Blogger
Re: Tell me more
Susan Rambo   1/26/2014 7:02:16 PM
NO RATINGS
Thanks! Fascinating. I know protecting SCADA from malicious attacks is a big concern. So, ICS-CERT (US Dept. of Homeland Security) doesn't want anyone around the world (this researcher was Italian) to announce a vulnerability in SCADA unless a fix/patch is available, most importantly? Do other countries have similar government bodies to ICS-CERT or is ICS-CERT a defacto agency acting for the whole world right now? Just curious about how other countries view this or if US is ahead of the curve on SCADA protections.

CMathas
User Rank
Blogger
Re: Tell me more
CMathas   1/26/2014 6:43:31 PM
NO RATINGS
Industrial Control Systems are extremely vulnerable for many reasons. Typically, companies/organizations do not have in place the amount or quality of security that is necessary. As a result, this is a division of Homeland Seurity. They put out notices when anything is found to be easily hacked, and let everyone know how to fix it or where to go to upgrade to ensure the safety of the system. I've noticed that these notiifications are coming out more often so I've decided to post some of them on an ongoign basis. Hopefully, the number of compromised systems will urge a more serious approach and also, there are some services coming on the scene to provide security. Maybe paying up front is better than paying for it when the sysem is shut down as a result of security breaches. Look for more here as they occur.

In this case, an independent researcher identified a vulnerability but didn't coordinate that informtion with NCCIC/ICS-CERT or with the vendor before stating publicly that it existed. The inference here is that not coordinating could have caused additional security breaches between the time the researcher talked about it and the time the fix was available.

Susan Rambo
User Rank
Blogger
Tell me more
Susan Rambo   1/26/2014 5:31:05 PM
NO RATINGS
Hi Carolyn, Thanks for posting these industrial control security advisories from Homeland Security. Can you explain a bit more how they work and why it was a problem for a researcher to announce he found a vulnerability before contacting Homeland Security? Or was it even a problem? I don't understand how to read this.



Most Recent Comments
Flash Poll
Top Comments of the Week
Like Us on Facebook
EE Times on Twitter
EE Times Twitter Feed

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)
EE Life
Frankenstein's Fix, Teardowns, Sideshows, Design Contests, Reader Content & More
Max Maxfield

Vetinari Clock: Decisions, Decisions, Decisions …
Max Maxfield
18 comments
Things are bouncing merrily along with regard to my uber-cool Vetinari Clock project. The wooden cabinet is being handcrafted by my chum Bob (a master carpenter) using an amazing ...

Jolt Judges and Andrew Binstock

Jolt Awards: The Best Books
Jolt Judges and Andrew Binstock
1 Comment
As we do every year, Dr. Dobb's recognizes the best books of the last 12 months via the Jolt Awards -- our cycle of product awards given out every two months in each of six categories. No ...

Engineering Investigations

Air Conditioner Falls From Window, Still Works
Engineering Investigations
2 comments
It's autumn in New England. The leaves are turning to red, orange, and gold, my roses are in their second bloom, and it's time to remove the air conditioner from the window. On September ...

David Blaza

The Other Tesla
David Blaza
5 comments
I find myself going to Kickstarter and Indiegogo on a regular basis these days because they have become real innovation marketplaces. As far as I'm concerned, this is where a lot of cool ...