Tag: Government

Malware Campaign Against Industrial Systems Almost 3 Years Old

The U.S. Government’s Industrial Control System CERT (ICS-CERT) said on Thursday that a campaign targeting industrial control system (ICS) software began in January, 2012 and targeted industrial systems that were directly connected to the public Internet. ICS-CERT said in an alert published on Wednesday that “HMI” (or Human-Machine Interfaces) products from vendors including GE, Advantech/Broadwin and Siemens may have been infected with variants of the BlackEnergy malware since January, 2012. Infected firms were running versions of the GE’s Cimplicity, Advantech/Broadwin’s WebAccess or Siemens’ WinCC with what ICS-CERT called a “direct Internet connection.” In some cases, as with the GE Cimplicity attacks, hackers exploited a known vulnerability in the Cimplicity software to gain access. In others (as with WebAccess and WinCC) the method by which the software was compromised isn’t known, ICS-CERT said. CERT said it hasn’t documented any cases of control processes being modified by the malware. However, BlackEnergy is typically used […]

Continue Reading

Uncle Sam Taking a Back Seat in Cyber Defense | Bloomberg

Bloomberg has a story on the collaborative, private sector effort to thwart an industrial hacking campaign linked to Chinese intelligence.   The effort, which involved firms like FireEye and iSight Partners “demonstrates for the first time a private-sector model that they believe can move faster than investigations by law enforcement agencies,” the report said. From the article: The take-down largely bypassed traditional law enforcement tools, relying instead on cooperation between companies that are normally fierce competitors. Coalition members — which include Microsoft Corp., Cisco Inc. and Symantec Corp. — say they can act faster than governments because they operate global Internet systems and have business relationships with tens of thousands of companies. Read more via China-Linked Hacking Foiled by Private-Sector Sleuthing – Businessweek.

Continue Reading

Congress To Probe the Internet of Things?

A bipartisan contingent of senators from the Commerce, Science and Transportation Committee has requested a hearing on the topic of the Internet of Things before the end of the year, according to published reports. Lawmakers Kelly Ayotte (R-N.H.), Cory Booker (D-N.J.), Deb Fischer (R-Neb.) and Brian Schatz (D-Hawaii) wrote to the committee chairman, Jay Rockefeller (D-W.Va.) and ranking member,John Thune (R-S.D.), requesting “a general oversight and information-gathering hearing” on the IoT before the end of 2014, citing concerns about consumer privacy and security, as well as potential government applications of IoT technology.  IoT technologies including wearables and connected health products represent an “expanding industry of connected products,” the congressmen and women wrote. “The proliferation of connected products is sparking a number of important policy questions,” the October 20th letter reads. “The number and the scope of these issues demands our prompt attention so we can better understand the technologies and explore how best to preserve America’s global leadership […]

Continue Reading

Is IoT Innovation Outpacing Our Ability To Keep It Safe?

GigaOm has an interesting, high-level piece that looks at the issue of law, liability and the Internet of Things. The article takes off from a discussion at the Download event in New York City earlier this month, wondering whether adoption of Internet of Things technologies like wearables is starting to run far ahead of society’s ability to manage them.   Specifically: is the pace of technology innovation outstripping the ability of our legal system to reign in excess and protect public safety and civil liberties? On the list of ‘what-if’s’ are some familiar questions: How to assign liability. (“If one of Google’s automated cars crashes, is it the fault of the driver or Google?”) Read more Security Ledger coverage of Internet of Things here.  What responsibility to users have to take advantage of safety features in connected products? (Does a parent’s failure to password-protect a baby monitor change the manufacturer’s liability when and […]

Continue Reading

Obama Uses Executive Order To Push Chip and Pin

Add data security to the long list of issues on which U.S. President Barack Obama has resorted to unilateral action in order to push the government forward on a crucial matter. On Friday, President Obama signed an Executive Order directing the government to require the use of so-called “chip and PIN” technology for any newly issued or existing government debit and credit cards. The Order was intended to make the federal government “lead by example in securing transactions and sensitive data,” the White House said in a statement. The new BuySecure Initiative will provide consumers with more tools to secure their financial future by assisting victims of identity theft, improving the Government’s payment security as a customer and a provider, and accelerating the transition to stronger security technologies and the development of next-generation payment security tools. The Order launches a new initiative dubbed “BuySecure” intended to “drive the market towards more secure payment systems” […]

Continue Reading
1 67 68 69 70 71 98