Call for papers: Critical Infrastructure Protection and Resilience Europe
14 Jun 2013
Critical Infrastructure Protection and Resilience Europe, celebrated in February 2014, will bring together leading stakeholders from industry, operators and governments to collaborate on securing Europe in an age of uncertainty and developing existing national or international legal and technical frameworks, through to integrating good security risk management within the overall corporate strategic and governance objectives of the company responsible for the infrastructure. Call for papers period is open till 31st July 2013.
Following the U.S. Presidential Executive Order 13636, that calls for development of a national Cybersecurity Framework, key NIST staff asked to meet with AF (Automation Federation) and ISA subject matter experts immediately prior to the first of four NIST Cybersecurity Framework workshops, to discuss the central role that ISA99 industry standards for IACS security might play in the Framework.
Schneider moves on patching ancient SCADA vulnerabilities
14 Jun 2013
Schneider Electric has begun patching a hard-coded Ethernet credential vulnerability in its kit, a mere 18 months after it was discovered and published. The original vulnerability, discovered by Rubén Santamarta and published in December 2011, provided access over Ethernet to the telnet, FTP and Windriver debug ports of Schneider Electric's Quantum Ethernet Modules.
Data sharing, cooperation key to critical infrastructure security
10 Jun 2013
For the teams dedicated to protecting the networks that run critical infrastructure components, the difficulty of responding to CI attacks is being compounded by the nature of the threats and the barriers to gathering and sharing key information on emerging threats. An attacker interested in taking down a utility doesn’t need to be a state-sponsored professional or a government agent.
Uncovered hard-coded user accounts that could act as backdoors into production systems
10 Jun 2013
The security hole, which allows attackers to launch remote exploits, was found in a pair of industrial control devices. The kit is used across many industries - including agriculture and food, automotive and manufacturing - to control industrial plant equipment in the United States, Europe and Asia.
As of June 1st. 2013 the Icelandic National CERT has formally begun its operations. CERT-IS operates within the Post- and Telecom Administration in Iceland in keeping with regulation no. 475/2013, published by the Ministry of Interior and taking effect on June 1st. The team's constituency consists of the telecommunication sector and operators of critical informational infrastructure systems in Iceland. CERT-IS is the national point of contact for cyber security incidents and participates in international efforts and cooperation in this area.
This strategy provides a concept of national security, putting the security of Spain in the global context, and identifies risks and threats. On this basis and taking into account the strategic and vital interests of Spain, it sets the objectives to reach and lines of action to follow. It also provides general guidelines for the proper implementation of these lines, as well as a monitoring and control mechanisms. Overall, the strategy includes up to twelve safety risks among which are the vulnerability of critical infrastructure.
Microsoft Takes Botnet Threat Intelligence Program to the Cloud; Provides Near Real-Time Data
31 May 2013
Microsoft’s Orlando Ayala joined with the Secretary of State of Telecommunications and Information Society of Spain, Victo Calvo Sotelo, to announce an agreement for the Spanish CERT, INTECO, to become one of the first organizations to receive data from the C-TIP cloud service. The Spanish CERT joins the Luxembourg CERTs, CIRCL and govCERT, as an early adopter of this program, which allows ISPs and CERTs to receive updated threat data related to infected computers in their specific country or network approximately every 30 seconds.
ENISA has published its 2012 General Report, containing details of the Agency's work and achievements during the year. The 2012 report also details ENISA's work to assist EU Member States with operational security issues, relations with ENISA's stakeholders and its public affairs activities.
I Congress in the Network Security. CyberSpying and CyberSecurity
31 May 2013
This meeting will be dedicated to discuss issues related to cyber-security and cyber-espionage with experts of recognized value. It will focus too on recent events raised from the various reports and the latest news occurring around cybersecurity.