Blog Posts Tagged with "Infrastructure"

C4363f41d25c216c53c8d71a1ac44a90

Notes on Electromagnetic Pulse (EMP) in US, UK, NL

May 22, 2012 Added by:Matthijs R. Koot

In 2009, there was a discussion on a forum for pilots about an article that argued that a commercial aircraft could be brought down by DIY EMP bombs. Also in 2009, the U.S. Patent Application for an Electromagnetic pulse (EMP) hardened information infrastructure was filed...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: From the Trenches - A Tabletop Exercise

May 22, 2012 Added by:Infosec Island Admin

Incident response is critical. During a real incident, you don’t want to discover major gaps in policy/procedure and/or technology tools. The collaboration that occurs during the exercise helps to understand the roles and responsibilities that each of us have during cyber attacks...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Former DHS Director Sean Paul McGurk Joins ICS ISAC

May 22, 2012 Added by:Headlines

Malware such as Stuxnet and Duqu have led to the recognition of broader systemic vulnerabilities within critical infrastructure which until recently have been largely disconnected. Addressing the resiliency of these systems must occur at technical, organizational and policy levels...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Protecting SCADA Systems with Air Gaps is a Myth

May 21, 2012 Added by:Headlines

Speaking at AusCERT, SCADA security expert Eric Byres stated that “the whole concept of trying to protect SCADA systems with air gaps is a myth" perpetuated by those who believe "bad things will never happen to the control systems..."

Comments  (7)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Advantech ISSymbol ActiveX Buffer Overflow

May 21, 2012 Added by:Infosec Island Admin

Researchers have identified multiple buffer overflow vulnerabilities in the Advantech Studio product that could allow an attacker to cause buffer overflows, which in turn can allow arbitrary execution code. An exploit code is known to exist that targets these vulnerabilities...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

SCADA Security: Consequences and Difficulty with Incentives

May 18, 2012 Added by:Rafal Los

Here's the problem - when it comes to critical infrastructure protection it's very difficult to legislate and regulate the organizations that matter into a state of better security. The problem is that in order to enforce policy and rules there either have to be consequences to failing, or incentives not to fail - or both...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Kaspersky Warns of Critical Infrastructure Vulnerabilities

May 18, 2012 Added by:Headlines

“It’s not possible to protect. Stuxnet told us that modern systems are not protected... SCADA could be very easy victims – the result of an attack could be like Stuxnet but everywhere... [We] need to understand the danger of cyber-weapons and of cyber-war to ruin national infrastructure..."

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Wonderware Unicode String Vulnerability

May 17, 2012 Added by:Infosec Island Admin

ICS-CERT is aware of a public report identifying an unallocated Unicode string vulnerability with proof-of-concept exploit code that affects the Invensys Wonderware SuiteLink service which could allow an attacker to remotely crash older versions of the service...

Comments  (0)

8a958994958cdf24f0dc051edfe29462

Smart Grid Security: An Inside View from Patrick C. Miller

May 16, 2012 Added by:Larry Karisny

A March survey revealed that two-thirds energy security professionals think smart-grid projects do not adequately deal with security threats. Larry Karisny interviewed Patrick C. Miller, president and CEO of EnergySec, about the survey and the subject of smart-grid security...

Comments  (0)

C4363f41d25c216c53c8d71a1ac44a90

Dutch MoD Innovation Competition 2012: CYBER Operations 2.0

May 16, 2012 Added by:Matthijs R. Koot

The Dutch Ministry of Defense's (MoD) annually issues a "Defense Innovation Competition" is a competition that is intended to get input from and foster relations with Dutch industry and SME. This year's theme is "CYBER Operations 2.0"...

Comments  (0)

5106d48203954b74e6ea495e5c7f21b0

No National 'Stand Your Cyberground' Law Please

May 14, 2012 Added by:William Mcborrough

We know that some attacks on our privately owned critical infrastructure have been attributed to foreign government networks. Would it be wise to license companies to attack these networks? The last thing we need is an international incident started by some SysAdmin..

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Risk Management for the Electricity Sector

May 14, 2012 Added by:Infosec Island Admin

The DOE collaborated with the NIST and NERC to release a second draft of the Electricity Sector Cybersecurity Risk Management Process guideline, designed with the idea that cybersecurity risk management should be driven by the business needs of the company...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: WellinTech KingSCADA Insecure Password Encryption

May 10, 2012 Added by:Infosec Island Admin

Researchers Alexandr Polyakov and Alexey Sintsov from DSecRG identified an unsecure password encryption vulnerability in WellinTech KingSCADA application. When KingSCADA OPCServer and OPCClient are not on the same node, a remote attacker may obtain passwords to the system...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Join ICS-CERT on the US-CERT Secure Portal

May 09, 2012 Added by:Infosec Island Admin

One of the best kept secrets in the critical infrastructure world is the US-CERT secure portal, a web-based platform that provides a mechanism for secure, unclassified information exchange between government agencies and the private sector asset owners and operators...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Planning for a Cyber Incident?

May 08, 2012 Added by:Infosec Island Admin

Organizations without an existing incident response capability should consider establishing one. To aid control systems owners and operators, the CSSP has prepared a Recommended Practice: Developing an Industrial Control Systems Cybersecurity Incident Response Capability...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

US Gas Pipeline Companies Under Major Cyber Attack

May 07, 2012 Added by:Headlines

“Analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign from a single source. It goes on to broadly describe a sophisticated 'spear-phishing' campaign..."

Comments  (1)

Page « < 1 - 2 - 3 - 4 - 5 > »