CSSP Web Page Update 02-19-10

The DHS CERT Control Systems Security Program (CSSP) web page has been updated. The new format includes a listing of “Notable Infrastructure Security News”. The pull down tab in the center of the page currently lists links to four news stories;

War game simulates cyberattack Cyberattack simulation highlights vulnerabilities Teaming up for security Shell hit by massive data breach

All of the stories are interesting reads, but the last one is kind of scary for employees. It seems that someone accessed and downloaded the Shell contact data base (phone numbers and email addresses for employees and contractors). The list was then forwarded to a number of activist organizations that have opposed various Shell operations around the world. According to the article it is not yet clear if it was an unauthorized internal access or an outsider hack. Of special concern is that this now opens the company to potential spear phishing attacks that could provide detailed access to company operations data and possibly control systems access.