Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms

  • Web Log

Spraying, The Iranian Password Gambit

January 13, 2020 by Marc Handelman in ICS/SCADA, Information Security

Attributed to 'Magnallium' (AKA APT 33), by the Dragos Security Team (and commented on by Robert M. Lee - CEO of Dragos Security); and detailed at Wired by the inimitable Andy Greenberg...

'"I've not seen any capability by them to be able to cause significant disruption or destruction on infrastructure," Lee says.' - Robert M. Lee, CEO of Dragos Security and quoted in a brief interview by Andy Greenberg at Wired

January 13, 2020 /Marc Handelman
ICS/SCADA, Information Security

via the respected information security capabilities of Robert M. Lee & the superlative illustration talents of Jeff Haas at Little Bobby Comics.

Robert M. Lee's & Jeff Haas' Little Bobby Comics, 'Don't' →

December 08, 2019 by Marc Handelman in Little Bobby Comics, Robert M. Lee, Jeff Haas, Security Humor, Sarcasm, Satire, ICS/SCADA, IT, OT, Information Security
December 08, 2019 /Marc Handelman
Little Bobby Comics, Robert M. Lee, Jeff Haas, Security Humor, Sarcasm, Satire, ICS/SCADA, IT, OT, Information Security

via the respected information security capabilities of Robert M. Lee & the superlative illustration talents of Jeff Haas at Little Bobby Comics.

Robert M. Lee's & Jeff Haas' Little Bobby Comics 'The Lacking' →

November 12, 2019 by Marc Handelman in Little Bobby Comics, ICS/SCADA, ICS Protocols, Security Humor, Satire, Sarcasm
November 12, 2019 /Marc Handelman
Little Bobby Comics, ICS/SCADA, ICS Protocols, Security Humor, Satire, Sarcasm

via the respected information security capabilities of Robert M. Lee & the superlative illustration talents of Jeff Haas at Little Bobby Comics.

Robert M. Lee's & Jeff Haas' Little Bobby Comics, 'Old' →

October 20, 2019 by Marc Handelman in Little Bobby Comics, Security Humor, ICS/SCADA, Sarcasm, Satire
October 20, 2019 /Marc Handelman
Little Bobby Comics, Security Humor, ICS/SCADA, Sarcasm, Satire

via the respected information security capabilities of Robert M. Lee & the superlative illustration talents of Jeff Haas at Little Bobby Comics.

Robert M. Lee's & Jeff Haas' Little Bobby Comics, 'Priority' →

October 14, 2019 by Marc Handelman in Little Bobby Comics, Security Humor, ICS/SCADA, Security Triage
October 14, 2019 /Marc Handelman
Little Bobby Comics, Security Humor, ICS/SCADA, Security Triage

via the respected information security capabilities of Robert M. Lee & the superlative illustration talents of Jeff Haas at Little Bobby Comics.

Robert M. Lee's & Jeff Haas' Little Bobby Comics, 'Doughnuts' →

October 06, 2019 by Marc Handelman in Little Bobby Comics, ICS/SCADA, Information Security, Physical Security, Security Humor
October 06, 2019 /Marc Handelman
Little Bobby Comics, ICS/SCADA, Information Security, Physical Security, Security Humor

Electrifying: Play-By-Play

September 12, 2019 by Marc Handelman in ICS, ICS/SCADA, Information Security, Electrical Engineering, Utility Companies, Utility Providers, Utilities, Cybersecurity, Cyber Statecraft

via William Knowle's Infosec News (a security news compilation organization), comes this fascinating North American Electric Reliability Corporation (NERC) report document (expertly presented by E&ENews Reporter Blake Sobczak) - ostensibly, a 'play-by-play' of the first cyberattack of a US Energy Utility. Think it can't happen here? It already has...

"But the March 5 event was significant enough to spur the victim utility to report it to the Department of Energy, marking the first disruptive "cyber event" on record for the U.S. power grid (Energywire, April 30). The case offered a stark demonstration of the risks U.S. power utilities face as their critical control networks grow more digitized and interconnected — and more exposed to hackers. "Have as few internet facing devices as possible," NERC urged in its report." - via E&ENews reporter Blake Sobczak

September 12, 2019 /Marc Handelman
ICS, ICS/SCADA, Information Security, Electrical Engineering, Utility Companies, Utility Providers, Utilities, Cybersecurity, Cyber Statecraft

via the respected information security capabilities of Robert M. Lee & the superb illustration talents of Jeff Hass at Little Bobby Comics.

Robert M. Lee's & Jeff Hass' Little Bobby Comics: 'The Arrogator' →

August 18, 2019 by Marc Handelman in ICS/SCADA, ICS Protocols, Information Security, Incident Management, Incident Response, Incident Handling, Sarcasm, Satire, Security Comics, Security Humor
August 18, 2019 /Marc Handelman
ICS/SCADA, ICS Protocols, Information Security, Incident Management, Incident Response, Incident Handling, Sarcasm, Satire, Security Comics, Security Humor

ICS Attacks, The Real National Emergency

June 20, 2019 by Marc Handelman in ICS/SCADA, ICS, Information Warfare, Information Technology, Information Security, Network Security, Network Protocols, ICS Protocols

News, via the astonishingly prolific security writer Dan Goodin, editing, and reporting at Ars Technica, tells the tale of oil and gas network attacks in the United States, by a group monikered Xenotime. Think we're protected? Think again. Read the Dragos security researcher's post for truly concerning national security relevance.

"The group, now dubbed Xenotime by Dragos, quickly gained international attention in 2017 when researchers from Dragos and the Mandiant division of security firm FireEye independently reported Xenotime had recently triggered a dangerous operational outage at a critical-infrastructure site in the Middle East." via Dan Goodin, Security Editor reporting at Ars Technica

##

"Ultimately, XENOTIME’s expansion to an additional ICS vertical is deeply concerning given this entity’s willingness to undermine fundamental process safety in ICS environments placing lives and environments at great risk. - via Dragos

June 20, 2019 /Marc Handelman
ICS/SCADA, ICS, Information Warfare, Information Technology, Information Security, Network Security, Network Protocols, ICS Protocols

When a Tree Falls in St. Louis, Will the Power Go Out?

May 09, 2019 by Marc Handelman in Physical Power Networks, Forestry, Artificial Intelligence, Machine VIsion, Machine Learning, UAV, ICS/SCADA, ICS, Electrical Engineering, Infrastructure, Infrastructure Security

A superlative bit of combinatorial scholarship coming out of St. Louis University, where Sean Hartling, Vasit Sagan, Paheding Sidike, Maitiniyazi Maimaitijiang and Joshua Carron have lashed-up geospatial sciences, machine learning, UAVs, and no-small level of intellectual virtuosity to study trees, the natural felling thereof, and power outages. Todays' Must Read for you ICS Boffins and Foresty geeks (while not ignoring the AI, ML, UAv and Network Information Security types as well).

"At SLU, geospatial science meets machine learning. In a study recently published in Sensors, Saint Louis University researchers paired satellite imaging data with machine learning techniques to map local tree species and health. The data generated by the project will help inform best practices for managing healthy green spaces as well as trimming programs to avoid power outages following storms." - via Carrie Bebermeyer, Senior Media Relations Specialist at St. Louis University

May 09, 2019 /Marc Handelman
Physical Power Networks, Forestry, Artificial Intelligence, Machine VIsion, Machine Learning, UAV, ICS/SCADA, ICS, Electrical Engineering, Infrastructure, Infrastructure Security

via the respected information security capabilities of Robert M. Lee & the superb illustration talents of Jeff Haas at Little Bobby Comics.

Robert M. Lee's & Jeff Haas' Little Bobby Comics, 'Deeply Learning' →

February 10, 2019 by Marc Handelman in Little Bobby Comics, ICS/SCADA, Information Security, Security Humor, Satire, Sarcasm
February 10, 2019 /Marc Handelman
Little Bobby Comics, ICS/SCADA, Information Security, Security Humor, Satire, Sarcasm

via the respected information security capabilities of Robert M. Lee & the superb illustration talents of Jeff Hass at Little Bobby Comics.

Robert M. Lee's & Jeff Hass' Little Bobby Comics: 'ICS' →

January 27, 2019 by Marc Handelman in ICS/SCADA, Information Security, Little Bobby Comics, Security Humor
January 27, 2019 /Marc Handelman
ICS/SCADA, Information Security, Little Bobby Comics, Security Humor

Image Credit: Courtesy of Busy Beaver Button Club - https://www.buttonmuseum.org/

Reddy Kilowatt Says, 'Good Luck With That'

November 18, 2018 by Marc Handelman in ICS/SCADA, Cyberterror, Cyberwar, Information Security

via Lily Hay Newman, plying the scrivener trade for Condé Nast Inc. publication Wired, comes this superlative reportage, detailing the so-called 'Hail Mary Plan to Restart a Hacked US Electric Grid'. Good luck with that.

"But while the situation was manufactured, the conditions of the exercise were all too real. Researchers built their test grid off of the already isolated power grid on Plum Island, a Department of Homeland Security animal disease research facility at the tip of Long Island's North Fork." - via Lily Hay Newman reporting for Wired Magazine, comes this outstanding story detailing the so-called 'Hail Mary Plan to Restart a Hacked US Electric Grid'

November 18, 2018 /Marc Handelman
ICS/SCADA, Cyberterror, Cyberwar, Information Security

DerbyCon 2018, Justin Herman's 'Off-Grid Coms And Power' →

November 05, 2018 by Marc Handelman in Irongeek, Information Security, ICS/SCADA, Education, Conferences, Communication Security, Communications, DerbyCon

Videography Credit: Irongeek (Adrian Crenshaw).

November 05, 2018 /Marc Handelman
Irongeek, Information Security, ICS/SCADA, Education, Conferences, Communication Security, Communications, DerbyCon

via the Security Mindset of Robert M. Lee and Illustration talents of Jeff Haas at Little Bobby Comics

Robert M. Lee and Jeff Haas' Little Bobby Comics 'ICS Vulnerabilities' →

September 02, 2018 by Marc Handelman in Little Bobby Comics, Security Humor, Security Comics, Sarcasm, Satire, ICS, ICS/SCADA
September 02, 2018 /Marc Handelman
Little Bobby Comics, Security Humor, Security Comics, Sarcasm, Satire, ICS, ICS/SCADA

via the Security Mindset of Robert M. Lee and Illustration talents of Jeff Haas at Little Bobby Comics

Robert M. Lee and Jeff Haas' Little Bobby Comics 'What Is IT-OT Convergence?' →

August 27, 2018 by Marc Handelman in Little Bobby Comics, Security Humor, Sarcasm, Satire, ICS/SCADA, ICS
August 27, 2018 /Marc Handelman
Little Bobby Comics, Security Humor, Sarcasm, Satire, ICS/SCADA, ICS

BSides NolaCon 2018, Nathan Wallace and Luke Hebert's 'Taking Out The Power Grid's Middleman' →

June 21, 2018 by Marc Handelman in BSides, BSides NolaCon, Conferences, Education, Information Security, ICS/SCADA, Power Generation
June 21, 2018 /Marc Handelman
BSides, BSides NolaCon, Conferences, Education, Information Security, ICS/SCADA, Power Generation

All's Not Quiet On The SCADA Front →

May 03, 2018 by Marc Handelman in Hardware Security, ICS/SCADA, ICS, Information Security, Network Security, Must Read, Water Systems

via Zack Whittaker timely reportage for ZDNet's Zero Day group, his work provides insight to the tangled-web-we-weave in the ICS/SCADA world. This time - the ramifications of a particularly-pesky security flaw in a Schneider product (amongst thousands of other known bugs in hundreds of other software packages coupled with poor software management practices in the industrial control systems sector combine to make a very poor nap at the control boards, indeed. Just ask Homer! Today's Critical Must Read Choice.

"It's the latest vulnerability that risks an attack to the core of any major plant's operations at a time when these systems have become a greater target in recent years. The report follows a recent warning, issued by the FBI and Homeland Security, from Russian hackers. The affected Schneider software, InduSoft Web Studio and InTouch Machine Edition, acts as middleware between industrial devices and their human operators. It's used to automate the various moving parts of a power plant or manufacturing unit, by keeping tabs on data collection sensors and control systems. " - via Zack Whittaker writing for ZDNet's Zero Day

May 03, 2018 /Marc Handelman
Hardware Security, ICS/SCADA, ICS, Information Security, Network Security, Must Read, Water Systems

BruCON 0x09, Arnaud Soullié's 'DYODE - Do Your Own Dyode' →

December 27, 2017 by Marc Handelman in BruCON, Conferences, Education, Information Security, ICS, ICS/SCADA
December 27, 2017 /Marc Handelman
BruCON, Conferences, Education, Information Security, ICS, ICS/SCADA

33c3, Netanel Rubin's 'On Smart Cities, Smart Energy, And Dumb Security' →

January 06, 2017 by Marc Handelman in All is Information, Utilities, Common Sense, Conferences, Control Systems, ICS/SCADA, Information Security, Smart Grids, Smart Meters
January 06, 2017 /Marc Handelman
All is Information, Utilities, Common Sense, Conferences, Control Systems, ICS/SCADA, Information Security, Smart Grids, Smart Meters
  • Newer
  • Older