Yesterday the DHS ICS-CERT published the latest version of
their ICS-CERT
Monitor. Lots of DHS ‘corporate’ type news in this issue, but nothing about
any industrial control system incidents.
The opening article, which usually describes a recent
incident, provides an overview of what types of services ICS-CERT provides when
responding to a control system security incident. I had really been hoping to
see some more details about the Navis
WebAccess problem that resulted in an alert, an incident response alert and
an advisory back in August. This was apparently a very limited in application
(very small number of systems) incident, but it was an SQL injection attack on
a maritime control system in the wild.
Other corporate news included:
• Presidential Policy Directive on
Cyber Incident Coordination;
• US-CERT Portal moving to HSIN,
changing name in Fall 2016;
• CSET 8.0;
• ICSJWG Fall 2016 Meeting preview;
• NCCIC team wins 1st Place at
FIRST Conference in Seoul; and
• ICS-CERT Training pursuing status as accredited
provider of Continuing Education Units;
For those readers that really pay attention to ICS-CERT operations,
this issue does provide some interesting information. But, if you were hoping
to learn something about industrial control system security issues, this is
probably a waste of time.
Posts
No comments:
Post a Comment