Monday, February 28, 2011

Are the NERC CIPs a roadmap for attacking the electric grid?

By Joe Weiss

The NERC CIPs have a number of characteristics that make them a roadmap for attacking the electric grid.

- They were developed by the NERC consensus process. The process is long, arduous, and inherently a “low bar”. As such, the process results in trying to make it easier on the “attackee” than trying to make it more difficult on the attacker.

Tuesday, February 22, 2011

How Stuxnet Spreads - A Study of Infection Paths in Best Practice Systems

A new white paper, "How Stuxnet Spreads – A Study of Infection Paths in Best Practice Systems", has just been released by Eric Byres (Byres Security), Andrew Ginter (Abterra Technologies), and me. The paper details how Stuxnet could infect a control system site protected by a high security architecture. It shows that current best practices are insufficient to block advanced threats and discusses what operators of control and SCADA systems need to do to protect critical systems from future threats like Stuxnet.

Thursday, February 10, 2011

McAfee: Data-theft attack hits oil industry

McAfee: data-theft attack hits oil industry
by Stephen Shankland (CNET News)

For years, companies in the oil and energy industry have been the victims of attempts to steal e-mail and other sensitive information from hackers believed to be in China, McAfee said yesterday.
The attacks, to which McAfee gave the sinister name "Night Dragon," penetrated company networks through Web servers, compromised desktop computers, bypassed safeguards by misusing administrative credentials, and used remote administration tools to obtain the information, the security firm said. McAfee and other security companies now have identified the method and can provide a defense,

Saturday, February 5, 2011

DHS Best Practice for Remote Access Falls Short

DHS's Control Systems Security Program (CSSP) group recently released its best practice on securing remote access to trusted networks such as control systems and their semi-trusted demilitarized zones (DMZs). The best practice can be viewed by clicking here. Unfortunately, if we maintain the "think like a hacker" mentality, this document still falls well short of expectations, and is not far from the NIST guidance document produced in September 2010.

To provide a comprehensive defense-in-depth strategy for remote access that addresses both internal (company) and external (non-company or contract) personnel, the focus has to be expanded beyond providing basic authentication and confidentiality. The solution also needs to address the health of the endpoint and provide a mechanism to restrict what the remote user can reach on the trusted system once access is granted.

Tuesday, February 1, 2011

February Issue of Hakin9: Network Security

Hakin9 has released its free February issue of Hakin9 Magazine. This month the magazine's articles focus on network security.