Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


Radvanovsky's RuggedTrax →

December 02, 2015 by Marc Handelman in All is Information, Control Systems, ICS/SCADA, ICS, Information Sharing, Internetwork Security, Information Security

Bob Radvanovsky, of Infracritical SCADASEC fame and a Critical Infrastructure Protection and Cyber Security Researcher, has completed the RuggedTrax project and published its findings. Outstanding work, Mr. Radvanovsky.


Chuvakin, Tanks versus Tractors →

August 13, 2015 by Marc Handelman in ICS/SCADA, Information Security, ICS, All is Information, IoT, Alternate Attack Analysis

Via Gartner Research Vice President Anton Chuvakin, Ph.D., comes a superb screed prompted by JeepGate. Today's Must Read.


ICS Cyber-Incidents Not Identified, Reported →

July 14, 2015 by Marc Handelman in All is Information, ICS/SCADA, ICS, Information Security

In a tour de force post on the Unfettered blog, highly respected Industrial Control Systems Information Security Professional Joe Weiss targets systemic problems in the ICS arena. One of those problems is apparently the correct identification and reporting of security incidents in the ICS realm. If you read anything today on ICS / SCADA information and Network Security, read Joe's blog post - it's simply that important.


Infographica, SANS ICS

July 08, 2015 by Marc Handelman in All is Information, ICS/SCADA, ICS, Information Security

NIST Releases Revision 2, Guide to Industrial Control Systems (ICS) Security

June 09, 2015 by Marc Handelman in All is Information, Governance, Hardware Security, ICS, ICS/SCADA, Information Security

The National Institute of Standards and Technology (NIST) has announced the release of Special Publication 800-82, Revision 2, Guide to Industrial Control Systems (ICS) Security. Outstanding.


IOActive Industrial Security, Switches Get Stitches →

April 29, 2015 by Marc Handelman in All is Information, ICS, ICS/SCADA, Information Security, Smart Grids

SANS ICS Rebuttal of Norse Iran Report v1.1

SANS ICS Defense Use Case: The Norse / AEI Rebuttal →

April 29, 2015 by Marc Handelman in All is Information, Alternate Attack Analysis, Information Security, ICS, ICS/SCADA

Superb rebuttal co-authored by Robert M. Lee, CAPT USAF (see Captain Lee's personal rebuttal of the NORSE and AEI document here), Michael J. Assante, Co-Founder and Chief Security Strategist, NexDefense, Inc., and Tim Conway, ICS and SCADA Technical Training Director at SANS, targeting the report entitled "The Growing Cyberthreat from Iran: The Initial Report of Project Pistachio Harvest" produced by Norse and the American Enterprise Institute. Read it and Weep.


Alexander's Warning: Catastrophic Attacks on Energy Sector in the Offing

April 28, 2015 by Marc Handelman in All is Information, Common Sense, Cyberwar, Electronic Warfare, Government, ICS, ICS/SCADA, Information Security, Intelligence, USNSA

Via David Bisson, writing at Tripwire's State of Security blog, comes a particularly dire warning from Keith Alexander, GEN (RET) USA (RET), holder of a Bronze Star and the 16th Director of the United States National Security Agency, focusing on the security bulwarks of the embattled Energy Sector.


IOActive Industrial Security, Stages of a SCADA Attack →

April 21, 2015 by Marc Handelman in ICS, ICS/SCADA, Network Security, Information Security

NIST Announces New Internal Report Targeting Smart Metering →

March 13, 2015 by Marc Handelman in All is Information, Communications, Compute Infrastructure, Data Security, Electrical Engineering, Hardware Security, ICS/SCADA, Infrastructure, Information Security

The National Institute of Standards and Technology (NIST) has announced a new internal report detailing a framework targeting Smart Meter Upgradeability (NIST Internal Report NISTIR 7823, Advanced Metering Infrastructure Smart Meter Upgradeability Test Framework). Authored by Michaela Iorga (a member of the Computer Security Division, in the Information Technology Laboratory (ITL) at NIST) and Scott Shorter (of Electrosoft Services, Inc. in Reston, Virginia), the document is also available at the International DOI System under NIST.IR.7823.

I reckon the document's abstract sums it up quite nicely:

"As electric utilities turn to Advanced Metering Infrastructures (AMIs) to promote the development and deployment of the Smart Grid, one aspect that can benefit from standardization is the upgradeability of Smart Meters. The National Electrical Manufacturers Association (NEMA) standard SG-AMI 1-2009, “Requirements for Smart Meter Upgradeability,” describes functional and security requirements for the secure upgrade—both local and remote—of Smart Meters. This report describes conformance test requirements that may be used voluntarily by testers and/or test laboratories to determine whether Smart Meters and Upgrade Management Systems conform to the requirements of NEMA SG-AMI 1-2009. For each relevant requirement in NEMA SG-AMI 1-2009, the document identifies the information to be provided by the vendor to facilitate testing, and the high-level test procedures to be conducted by the tester/laboratory to determine conformance." - via NIST IR 7823

Meanwhile, you can also track, examine and attempt to contain your surprise at the latest recognized industrial control systems & supervisory control and data acquisition systems vulnerabilities from our colleagues at US-CERT, here.


Internets of Energy →

March 02, 2015 by Marc Handelman in All is Information, Commerce, Electrical Engineering, ICS/SCADA, Information Security, Internet Antiquities, National Security, Infrastructure, Smart Grids, Utilities

In which the National Science Foundation (NSF) regales us with the Horrible Revelation that our power grid's baseline technological underpinnings are firmly ensconced within Industrial Age capabilities. Bad says you, Huzzah!


IOActive, Switches Get Stitches

January 18, 2015 by Marc Handelman in All is Information, Information Security, ICS/SCADA