Design Con 2015
Breaking News
Comments
Newest First | Oldest First | Threaded View
Sheetal.Pandey
User Rank
Manager
Re: Tell me more
Sheetal.Pandey   1/27/2014 10:02:08 AM
NO RATINGS
People in the system are still very reluctant or hesistant to apply cyber safety policies and procedure that invloves installing a new app. Its more of a cultural issue. Its easy to take decision when it comes to physical safety but anything internet or software related there is always too much of persuasion needed.

CMathas
User Rank
Blogger
Re: Tell me more
CMathas   1/26/2014 7:21:04 PM
NO RATINGS
Other countries do have their own and there is cooperation such as CERT-to-CERT information sharing/trust building activities. There is global collaboration and there is work on enacting standards for cyber security worldwide. This is quite the growing area. There's another recent blog covering the EU putting out a Good Practice Guide for CERTs.

 

Susan Rambo
User Rank
Blogger
Re: Tell me more
Susan Rambo   1/26/2014 7:02:16 PM
NO RATINGS
Thanks! Fascinating. I know protecting SCADA from malicious attacks is a big concern. So, ICS-CERT (US Dept. of Homeland Security) doesn't want anyone around the world (this researcher was Italian) to announce a vulnerability in SCADA unless a fix/patch is available, most importantly? Do other countries have similar government bodies to ICS-CERT or is ICS-CERT a defacto agency acting for the whole world right now? Just curious about how other countries view this or if US is ahead of the curve on SCADA protections.

CMathas
User Rank
Blogger
Re: Tell me more
CMathas   1/26/2014 6:43:31 PM
NO RATINGS
Industrial Control Systems are extremely vulnerable for many reasons. Typically, companies/organizations do not have in place the amount or quality of security that is necessary. As a result, this is a division of Homeland Seurity. They put out notices when anything is found to be easily hacked, and let everyone know how to fix it or where to go to upgrade to ensure the safety of the system. I've noticed that these notiifications are coming out more often so I've decided to post some of them on an ongoign basis. Hopefully, the number of compromised systems will urge a more serious approach and also, there are some services coming on the scene to provide security. Maybe paying up front is better than paying for it when the sysem is shut down as a result of security breaches. Look for more here as they occur.

In this case, an independent researcher identified a vulnerability but didn't coordinate that informtion with NCCIC/ICS-CERT or with the vendor before stating publicly that it existed. The inference here is that not coordinating could have caused additional security breaches between the time the researcher talked about it and the time the fix was available.

Susan Rambo
User Rank
Blogger
Tell me more
Susan Rambo   1/26/2014 5:31:05 PM
NO RATINGS
Hi Carolyn, Thanks for posting these industrial control security advisories from Homeland Security. Can you explain a bit more how they work and why it was a problem for a researcher to announce he found a vulnerability before contacting Homeland Security? Or was it even a problem? I don't understand how to read this.



Flash Poll
Top Comments of the Week
Like Us on Facebook
EE Times on Twitter
EE Times Twitter Feed

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)
EE Life
Frankenstein's Fix, Teardowns, Sideshows, Design Contests, Reader Content & More
Max Maxfield

Curiosity Killed the Cat (Just Call Me Mr. Curiosity)
Max Maxfield
23 comments
My wife, Gina The Gorgeous, loves animals. She has two stupid dogs and two stupid cats. How stupid are they? Well, allow me to show you this video of the dogs that I made a couple of years ...

Martin Rowe

No 2014 Punkin Chunkin, What Will You Do?
Martin Rowe
Post a comment
American Thanksgiving is next week, and while some people watch (American) football all day, the real competition on TV has become Punkin Chunkin. But there will be no Punkin Chunkin on TV ...

Rich Quinnell

Making the Grade in Industrial Design
Rich Quinnell
13 comments
As every developer knows, there are the paper specifications for a product design, and then there are the real requirements. The paper specs are dry, bland, and rigidly numeric, making ...

Martin Rowe

Book Review: Controlling Radiated Emissions by Design
Martin Rowe
1 Comment
Controlling Radiated Emissions by Design, Third Edition, by Michel Mardiguian. Contributions by Donald L. Sweeney and Roger Swanberg. List price: $89.99 (e-book), $119 (hardcover).