Items Tagged with "SCADA"
November 24, 2011 Added by:Headlines
ICS-CERT and the FBI found no evidence of a cyber intrusion... In addition, there is no evidence to support claims made in the initial Illinois STIC report... that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure...
November 23, 2011 Added by:Headlines
While news that there was not a systems breach at the facility is certainly welcome, the conclusions of ICS-CERT and the FBI fail to provide an explanation as to why the Illinois Statewide Terrorism and Intelligence Center initially believed the facility had been compromised...
November 22, 2011 Added by:Headlines
ICS-CERT has not received any additional reports of impacted manufacturers of ICS or other ICS related stakeholders related to these events... any information about possible impacts to additional entities, it will disseminate timely mitigation information as it becomes available...
November 21, 2011 Added by:Chris Blask
Monitoring of water treatment networks using common SIEM or log management tools offers the kind of capability that can address the need for visibility into control system behavior. The ICS networks found in water facilities are deterministic systems with highly predictable behavior...
November 21, 2011 Added by:Robin Jackson
Those who see concerted nation-state cyber attacks in every compromised system are like the little boy who cried "Stuxnet" whenever a control system is hacked and those who poo-poo the vulnerabilities that come to light are like the little pig who built his house of straw and said "I'm safe"...
November 20, 2011 Added by:Scot Terban
Sure, the vulnerable system was online for anyone to hit up AND it was in such an un-secured state that pretty much anyone with a pulse could have messed with it. However, The FUD response from the government and the media will be the real disaster that will cause the most damage...
November 18, 2011 Added by:Headlines
"No damage was done to any of the machinery; I don't really like mindless vandalism. It's stupid and silly. On the other hand, so is connecting interfaces to your SCADA machinery to the internet... This required almost no skill and could be reproduced by a two year old..."
November 18, 2011 Added by:Robert M. Lee
Information is still coming out on this event and the DHS has stated that they and FBI are still gathering information but believe none of the information so far indicates a risk to critical infrastructure. However, the concerns this incident raises are valid regardless...
November 16, 2011 Added by:Joel Langill
First, you need to expand your concept of an “embedded web server” beyond something that a user would use when launching a browser and entering a URL for the device. Vendors actually use embedded web servers for a number of reasons, and many of these vendors are leaders in the industry...
November 16, 2011 Added by:Headlines
"Utility cyber security is in a state of near chaos. After years of vendors selling point solutions, utilities investing in compliance minimums rather than full security, and attackers having nearly free rein, the attackers clearly have the upper hand..."
November 15, 2011 Added by:Brent Huston
One of the largest identified issues among the conversations at the symposium was the idea that cooperation and coordination between control network operators and engineers and their peers on the traditional business-oriented IT staff is difficult, if not nearly impossible...
November 08, 2011 Added by:Headlines
"As the rate of bolder, more sophisticated cyber attacks continues to spiral upward, ensuring data integrity and security has become increasingly challenging. By necessity, preventing unauthorized intrusion into critical systems has become a top priority..."
November 01, 2011 Added by:Headlines
“The findings of this survey are somewhat alarming, given recent attacks like Nitro and Duqu that have targeted critical infrastructure providers,” said Dean Turner, director, Global Intelligence Network for Symantec...
October 31, 2011 Added by:Headlines
"Both Duqu and Stuxnet are highly complex programs with multiple components. All of the similarities from a software point of view are in the "injection" component implemented by the kernel driver. The ultimate payloads of Duqu and Stuxnet are significantly different and unrelated..."
October 24, 2011 Added by:Joel Langill
On October 20, Gleg released version 1.7 of the SCADA+ Exploit Pack for the Immunity Canvas framework, though this time around, I do not see a lot of unique value in the code updates. Modules of interest in this release represent the bulk of the ICS/SCADA vulnerabilities disclosed in September...
October 24, 2011 Added by:Kelly Colgan
Duqu executes a reconnaissance mission by collecting design documents from an entity—critical industrial infrastructure components such as SCADA systems—to facilitate a future attack. It’s naïve to think we’re immune to these advanced cyberthreats, even with many layers of protection...