SCADA - ICS Archives | Page 12 of 15 | The Security Ledger with Paul F. Roberts

SCADA – ICS

U.S. Cyber Security Framework Is Good News-For Hackers

September 4, 2013 Paul Roberts

Ralph Langner, the renowned expert on the security of industrial control- and SCADA systems, warns that the latest draft of the U.S. Government’s Cyber Security Framework (CSF) will do little to make critical infrastructure more resistant to devastating cyber attacks. Writing on his blog, Langner said that a draft of the National Institute of Standards and Technology’s (NIST’s) Preliminary Cybersecurity Framework does little to compel critical infrastructure owners to improve the security of their systems, or guarantee uniform (and robust) cyber security standards in the critical infrastructure space. NIST released the latest draft of the CSF late last month (PDF). But Langner, writing on Wednesday, likened the framework to a recipe that, if used by three different chefs, produces three totally different dishes…or just a messy kitchen. “A less metaphorical words, a fundamental problem of the CSF is that it is not a method that, if applied properly, would lead to predictable results,” […]

Breaking And Entering: Hackers Say “Smart” Homes Are Easy Targets

July 25, 2013 Paul Roberts

In just the last two years, the price of home automation technology has come way down, while variety has exploded. Smart home technology goes way beyond niche products like the Nest IP-enabled thermostat or (save us) the “HAPIfork.” A growing list of vendors are selling infrastructure to support a whole network of intelligent “stuff”, enabling remote management of home security and surveillance systems, IP-enabled door locks, IP enabled lights, smart home appliances, HVAC (heat and cooling) and more. Pretty cool. And, also, pretty scary. What if that IP-enabled door lock or garage door opener could be hacked by someone outside your home and made to open on its own? Breaking and entering just got a lot easier. Or, what if a HVAC system could be hijacked and remotely disabled or forced to operate in ways that would damage the system or even cause a fire or electrical short in the […]

NIST Cyber Security Draft Framework Puts Execs In Driver’s Seat

July 3, 2013 Paul Roberts

The U.S. government’s federal technology agency has published a draft version of a voluntary framework it hopes will guide the private sector in reducing the risk of cyber attacks on critical infrastructure. The National Institute of Standards and Technology (NIST) published a draft of its Preliminary Framework to Reduce Cyber Risks to Critical Infrastructure on Monday. The document provides a guide for critical infrastructure owners of different maturity levels to begin documenting and understanding their risk of cyber attack, and – eventually – to measure their performance in areas such as asset management, threat detection and incident response. The framework was called for by Executive Order 13636, signed by President Obama in February. In that order, NIST was charged with creating a framework for sharing cyber security threat information and information on successful approaches to reduce risks to critical infrastructure. The Framework is comprised of five major cybersecurity functions: Know […]

Homeland Security: Hack Attempts On Energy, Manufacturing Way Up in 2013

June 29, 2013 Paul Roberts

Attempted cyber attacks on critical infrastructure in the U.S., including energy and critical manufacturing jumped sharply in the first half of 2013, according to a just-released report from the Department of Homeland Security’s Industrial Control System Cyber Emergency Response Team (ICS-CERT). ICS-CERT said that cyber incidents across all critical infrastructure in the U.S. are on pace to double in 2013. The agency has responded to 200 such incidents so far in fiscal year 2013 (October of 2012 to May of 2013), compared to 198 incidents for all of fiscal year 2012. A majority of those incidents – 53% – were against organizations in the energy sector, ICS-CERT reported. The report is just the latest from DHS about threats to the energy sector. The agency warned energy firms after seeing a sharp jump in attacks during 2012, when attacks on energy firms accounted for around 40% of the malicious activity directed […]

FDA: Medical Device Makers, Hospitals Need To Boost Cyber Security

June 14, 2013 Paul Roberts

The U.S. Food and Drug Administration (FDA) has issued guidance to medical device makers and hospitals that use their products to pay more attention to cyber security and the potential for cyber attacks on vulnerable medical instruments. The FDA released its “Safety Communication for Cybersecurity for Medical Devices and Hospital Networks” on Thursday – the same day that the Department of Homeland Security’s ICS (Industrial Control System) CERT issued a warning about the discovery of hard coded “back door” passwords in some 300 medical devices from 40 separate vendors, including drug infusion pumps, ventilators and patient monitoring systems. The FDA said it expects device makers to “review their cybersecurity practices and policies to assure that appropriate safeguards are in place to prevent unauthorized access or modification to their medical devices or compromise of the security of the hospital network that may be connected to the device. Hospitals were instructed to harden […]