In-brief: The security firm Rapid7 said it is launching a consulting and advisory service to help companies design more secure Internet of Things products and assess the risk of deploying IoT products in corporate environments.
critical infrastructure
Start-Up Claroty Has Eye On Industrial Control System Threats
In-brief: Claroty, an Israel-based start-up emerged from stealth mode on Tuesday, unveiling a new platform that it claims will help owners of industrial control systems detect threats and attacks by sophisticated adversaries.
Security of seismic sensor grid probed – BBC News
The BBC reports that thousands of seismic sensors monitoring geological activity are vulnerable to manipulation by way of cyber attack, though the seismic gear maker disputes the researchers’ findings. The poor security controls around the way the sensors transmit data were detailed in a presentation at the Def Con hacker convention. Researchers found ways to fool and overload sensors so monitoring systems would get wildly inaccurate readings.The findings have been reported to the US computer emergency organisation (sp) that oversees national infrastructure. Nanometrics, the company that makes the sensor system that was probed disputed the researchers’ findings. Source: Security of seismic sensor grid probed – BBC News
The Good, Bad and Ugly of Vulnerability Markets
In-brief: Markets for information on software vulnerabilities are good for security. But they can also raise moral and ethical quandaries, especially in an age of cyber physical risks, argues Cisco’s Marc Blackmer.
Trainwreck: Study Calls for Rethink of Rail Security
The folks over at SCADA Strangelove turned me on to this article from the International Railway Journal that presents the findings of an analysis of the security of industrial control and SCADA systems used to manage railway networks. The conclusion: railways are rife with “faults and vulnerabilities (that will) allow cyber criminals to not only degrade key reliability parameters and bypass safety mechanisms (and) carry out attacks which directly affect rail traffic safety.” The study was conducted by Valentin Gapanovic, the senior vice president of Russian Railways, Efim Rozenberg, the first deputy director general at the Moscow based research firm NIIAS JSC and Kaspersky Lab Deputy Chief Technology Officer Sergey Gordeychik. At issue is not just the systems that are used to manage railway networks, including the movements of trains and critical switching systems that configure tracks. Rather: it is the culture of safety and security in the rail sector which, the study concludes, is still silo’d between physical […]
