For those that don’t follow me on Twitter® (@pjcoyle) there were some interesting
conversations and pointings at some interesting articles; including (see links
at my tag):
@pjcoyle
@PatrickCMiller1 Five Protocols That
Should Be Closely Watched (Dark Reading) http://j.mp/1c5EZGY
@pjcoyle @EmeregncyMgmt The enemy of my
enemy is my friend - http://tinyurl.com/qczgl7g -
Middle East Law
@pjcoyle @PatrickCMiller Good thing no one
in ICS is still using Windows XP or reads PDF files (SARCASM)
@pjcoyle @MichaelSlawski Unintended
consequences? What could go wrong? Perfect physical security, of course
@pjcoyle @ICS_SCADA Why detect? All that's
needed (grin) is a properly grounded Faraday Cage around all electronics.
@pjcoyle @PatrickCMiller Cute phase at end
"stopping the attackers before their electrons reach our shore" Would
that it were that easy.
NPPD Publishes
S&T R&D Questions
On Thursday the DHS National Protection and Programs
Directorate published a notice in the Federal Register (78 FR 73202-73203)
seeking public input on the development of a DHS S&T National Critical
Infrastructure Security and Resilience Research and Development Plan (NCISR
R&D Plan). It is kind of odd that NPPD is asking for input for an S&T
R&D plan but I guess since they have the lead on CI protection is makes
some sort of bureaucratic sense.
The list of potential
topics to be covered is kind of lengthy and obviously intends to touch all
bases; probably too many bases to be effective. It is good to see that they
have included “Cyber-Physical Systems” but there is nothing specifically about
chemical security.
NPPD is seeking public input including answers to three specific
questions. They have given an unusually short time frame for this response
(January 6th, 2014), which is particularly bad given the holiday
season, so I don’t expect that they’ll get much feedback. Comments may be
submitted via the Federal eRulemaking portal (www.Regulations.gov; Docket # DHS-2013-0074).
Linux Worm
Symantec had an brief, but interesting
note about a Linux worm that might have an effect on control systems. It
seems that there are a number of imbedded devices and periperials that use the
Linux operating system that may be vulnerable to attack by the Linux Darlloz
worm. This type of attack may then give attackers access to linked systems.
Nothing yet from ICS-CERT. Symantec does provide a nice list security
mitigation steps.
Markey the
Cybersecurity Senator
It looks like Sen. Markey (D,MA) is trying to carve out
cybersecurity as one of his particular areas of legislative interest. He sent letters to all
of the major car manufacturers asking pointed questions about cybersecurity
issues with the on-board computer systems in their vehicles. While control
system security questions were included, it seems that the largest focus of his
interest is with the privacy aspects of the potential problem. I expect that we
might hear something about a hearing next year.
Strengthening
Cybersecurity
The President’s Council of Advisors on Science and
Technology (PCAST) published
a report last month that I just noticed on strengthening cybersecurity. It
outlines some things that the Administration might be able to accomplish
without additional legislation. It makes two very interesting general
observations:
• The Federal Government rarely
follows accepted best practices. It needs to lead by example and accelerate its
efforts to make routine cyberattacks more difficult by implementing best
practices for its own systems.
• Many private-sector entities come
under some form of Federal regulation for reasons not directly related to
national security. In many such cases there is opportunity, fully consistent with
the intent of the existing enabling legislation, for promoting and achieving
best practices in cybersecurity.
Since this is just advisors talking possible strategies, I’m
not holding my breath waiting to see anything concrete come out of this. This
Administration is long on ideas and short on execution.
Posts
No comments:
Post a Comment