ICS Security: Friday News & Notes
- The long-awaited KasperskyOS was officially released this week. They previewed it 2+ years ago at S4x15. Eugene writes:
Our (Kaspersky) OS is not an out-of-the-box product; it’s a project offering. We’re not selling a boxed solution with a cure-all for everyone. Instead, we collaborate with vendors and developers who provide, say, networking equipment, industrial automation systems, automotive solutions, even smart fridges.
It will be as interesting to see how much cyber nationalism affects the uptake of this OS as how it fares against security analysis. One thing I found a bit odd was there were not more early success stories highlighted in the rollout. This would be a typical approach for a new product that has been in process for so long.
- Two research papers show an increased research focus on attacking PLCs. One paper is a Batman-themed Attacking PLCs with Physical Model Aware Rootkit, and the other is Ransomware for Industrial Control Systems. I’ll write more on this next week, but ICS ransomware is more likely to be loss of view/loss of control rather than physical damage. It reduces the cost of attack significantly.
- The Australian Government created a Critical Infrastructure Centre last month. Now they are asking for input on how they can best help.
- The Medical Device Vulnerability Intelligence Program for Evaluation and Response (MD-VIPER) was created to be a clearinghouse for medical device vulnerability info. It restricts info to cleared members, and of course those that find the vuln can choose to do what they want with it.
Dale Peterson & S4 Events
- S4x17 video from Kathryn Hume of Fast Forward Labs on Machine Learning. Rated by many attendees as one of their favorites.
- S4x17 video from Joel Langill, aka SCADAhacker, on Effective ICS Resilience
- Guest post from Eric Byres on his experience at the RSA Conference
- S4xEurope CFP is open until March 15th. Event is June 1–2 in Vienna.