Embedded Systems Conference
Breaking News
Comments
Newest First | Oldest First | Threaded View
Sheetal.Pandey
User Rank
Author
Re: Tell me more
Sheetal.Pandey   1/27/2014 10:02:08 AM
NO RATINGS
People in the system are still very reluctant or hesistant to apply cyber safety policies and procedure that invloves installing a new app. Its more of a cultural issue. Its easy to take decision when it comes to physical safety but anything internet or software related there is always too much of persuasion needed.

CMathas
User Rank
Author
Re: Tell me more
CMathas   1/26/2014 7:21:04 PM
NO RATINGS
Other countries do have their own and there is cooperation such as CERT-to-CERT information sharing/trust building activities. There is global collaboration and there is work on enacting standards for cyber security worldwide. This is quite the growing area. There's another recent blog covering the EU putting out a Good Practice Guide for CERTs.

 

Susan Rambo
User Rank
Author
Re: Tell me more
Susan Rambo   1/26/2014 7:02:16 PM
NO RATINGS
Thanks! Fascinating. I know protecting SCADA from malicious attacks is a big concern. So, ICS-CERT (US Dept. of Homeland Security) doesn't want anyone around the world (this researcher was Italian) to announce a vulnerability in SCADA unless a fix/patch is available, most importantly? Do other countries have similar government bodies to ICS-CERT or is ICS-CERT a defacto agency acting for the whole world right now? Just curious about how other countries view this or if US is ahead of the curve on SCADA protections.

CMathas
User Rank
Author
Re: Tell me more
CMathas   1/26/2014 6:43:31 PM
NO RATINGS
Industrial Control Systems are extremely vulnerable for many reasons. Typically, companies/organizations do not have in place the amount or quality of security that is necessary. As a result, this is a division of Homeland Seurity. They put out notices when anything is found to be easily hacked, and let everyone know how to fix it or where to go to upgrade to ensure the safety of the system. I've noticed that these notiifications are coming out more often so I've decided to post some of them on an ongoign basis. Hopefully, the number of compromised systems will urge a more serious approach and also, there are some services coming on the scene to provide security. Maybe paying up front is better than paying for it when the sysem is shut down as a result of security breaches. Look for more here as they occur.

In this case, an independent researcher identified a vulnerability but didn't coordinate that informtion with NCCIC/ICS-CERT or with the vendor before stating publicly that it existed. The inference here is that not coordinating could have caused additional security breaches between the time the researcher talked about it and the time the fix was available.

Susan Rambo
User Rank
Author
Tell me more
Susan Rambo   1/26/2014 5:31:05 PM
NO RATINGS
Hi Carolyn, Thanks for posting these industrial control security advisories from Homeland Security. Can you explain a bit more how they work and why it was a problem for a researcher to announce he found a vulnerability before contacting Homeland Security? Or was it even a problem? I don't understand how to read this.



Radio
NEXT UPCOMING BROADCAST
Why Connect a Car?
May 11, 1pm EDT Monday
Overview: Battle-hardened veterans of the electronics industry have heard of the “connected car” so often that they assume it’s a done deal. But do we really know what it takes to get a car connected and what its future entails? Join EE Times editor Junko Yoshida as she moderates a panel of movers and shakers in the connected car business. Executives from Cisco, Siemens and NXP will share ideas, plans and hopes for connected cars and their future. After the first 30 minutes of the radio show, our listeners will have the opportunity to ask questions via live online chat.
Top Comments of the Week
Flash Poll
Like Us on Facebook

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)
Special Video Section
LED lighting is an important feature in today’s and future ...
Active balancing of series connected battery stacks exists ...
After a four-year absence, Infineon returns to Mobile World ...
A laptop’s 65-watt adapter can be made 6 times smaller and ...
An industry network should have device and data security at ...
The LTC2975 is a four-channel PMBus Power System Manager ...
In this video, a new high speed CMOS output comparator ...
The LT8640 is a 42V, 5A synchronous step-down regulator ...
The LTC2000 high-speed DAC has low noise and excellent ...
How do you protect the load and ensure output continues to ...
General-purpose DACs have applications in instrumentation, ...
Linear Technology demonstrates its latest measurement ...
10:29
Demos from Maxim Integrated at Electronica 2014 show ...
Bosch CEO Stefan Finkbeiner shows off latest combo and ...
STMicroelectronics demoed this simple gesture control ...
Keysight shows you what signals lurk in real-time at 510MHz ...
TE Connectivity's clear-plastic, full-size model car shows ...
Why culture makes Linear Tech a winner.
Recently formed Architects of Modern Power consortium ...
Specially modified Corvette C7 Stingray responds to ex Indy ...