ICS Security: Friday News & Notes
17–17 and 17–18: Two weeks worth
The Cyber-ITL, the group with Consumer Reports to test and certify product cybersecurity, received additional funding from DARPA to expand the program to included embedded devices and IoT. And Mudge will step out of day-to-day activities.
- Good article on the Hajime IoT worm and resulting botnet from Kaspersky … “its purpose remains unknown”
- File under water is wet … Trend Micro shows that insecure by design robots are subject to loss of control and loss of view with slick article and graphics.
- MS17–010 looks to be the new MS08–067, which we still see occasionally in the ICS world.
- Article on one of Reid’s favorites, DNS tunneling. Simple to fix even if needed to resolve an organization’s addresses.
- Time to sign up for Summer School with the University of Illinois’ Cyber Resilient Energy Delivery Consortium (CREDC) program.
- Lee and Miller’s article: Malware in Modern ICS. Useful way of breaking down ICS malware in 3 categories: nontargeted, ICS-themed, ICS-tailored.
- Huawei partnered with GE’s Predix. Initial reference project is Schlinder elevators and escalators. Predix is hungry and gobbling up a lot.
Dale Peterson and S4 Event Content
- Securing ICS in an IIoT World … The Simple Solution. Video of Dale’s S4x17 session.
- S4x17 Video Cyber Process Hazards Analysis to assess ICS Cybersecurity. Great primer on PHA and how to integrate cyber to the PHA process.
- Register now for S4xEurope, June 1–2 in Vienna, Austria