ICS-CERT Publishes Monitor

Today the DHS ICS-CERT folks published the latest version of the ICS-CERT Monitor. The latest version continues the change from a monthly publication (it used to be called the ICS-CERT Monthly [emphasis added] Monitor) to a quarterly; a move that was started last year.

Incident Response

The Monitor has three separate articles under the heading ‘incident response’. They include

• Attacker Leverages Public Information to Customize Spear-Phishing Campaign;

• Compromise via “Credential Storage” Vulnerability; and

• Watering Hole Attacks.

The ‘Watering Hole Attacks’ claims that ICS-CERT issued an alert about watering hole attacks exploiting Internet Explorer vulnerabilities. I can’t find any such alert on the ICS-CERT page (or blog about it on my page), so it probably was published on the US-CERT Secure Portal. That would be why most people did not see the report.

Situational Awareness

There are five situational awareness articles in this latest version of the Monitor, They include:

• CSET® 5.0  Released – Updated support to protect critical assets;

• Multiyear assessments reveal common vulnerabilities;

• Protecting credentials from compromised;

• Proper permission Management.

The list of common vulnerabilities provides a consolidated list of vulnerabilities in control systems. Those common vulnerabilities include:

• Permission, privileges and access controls;

• Improper authentications;

• Credentials management;

• Security configuration and maintenance;

• Planning/policy/procedures;

• Network design weaknesses; and

• Audit and accountability;

Two other routine features round out the latest edition; ‘Noteworthy news highlights’ and ‘Coordinated vulnerability disclosure’.

Sequestration

DHS sequestration woes are noted on page 11, the ‘Upcoming events 2013’ section shows that four of the five scheduled events were cancelled because of Sequestration. The cancelled training included:

• Houston Regional Training, March 26-29, 2013 [Opps this had already passed when this document was posted today];

• ICSJWG Introduction to Control Systems Cybersecurity Training;

• Industrial Control Systems Cybersecurity Spring Conference (5-9-13);

• Cybersecurity Training for Industrial Control Systems.

The remaining event, addressing ‘Industrial Control Systems; Cybersecurity, Training’; North American Partners is of limited utility since the link to the training information does not work.