In this report we look at cloud computing from a Critical Information Infrastructure Protection (CIIP) perspective, examining a number of scenarios and threats relevant to CIIP, based on a survey of public sources on the uptake of cloud computing and on large cyber attacks and disruptions of cloud computing services.
Obama Signs Executive Order on Improving Critical Infrastructure Cybersecurity
13 Feb 2013
After numerous delays and debates, United States President Barack Obama has finally signed the long-awaited cybersecurity executive order. The executive order highlights the fact that the cyber threat to critical infrastructure continues to grow, and that the country’s national and economic security depends on the reliable functioning of these systems.
New EU Cybersecurity strategy & Directive announced
07 Feb 2013
On Thursday, 7th of February, the European Commission and the High Representative of the European Union for Foreign Affairs and Security Policy announced the EU's Cybersecurity Strategy, and a complementary proposal for a Directive on measures to ensure a high common level of cyber security across the EU.
The U.S. Department of Energy has confirmed that its computer systems were hacked into last month. During the cyberattack on the agency's computers and servers, the personal data of employees and contractors were stolen, but no classified data was leaked.
Largest cyber security exercise "Cyber Europe 2012" report published by ENISA
30 Jan 2013
ENISA has published the new report on the largest-ever pan-European cyber security exercise, Cyber Europe 2012, which is available in 23 languages. Almost 600 individual players participated, including actors from the private sector for the first time. The conclusion: for fast and effective response to cyber incidents, knowledge of procedures and information flows is crucial.
US government officials warn of a possible cyber 9/11 involving banks, utilities or the Internet
29 Jan 2013
Security experts say that a cyber war has been brewing for at least the past year, and the battleground is shifting from government entities to the private sector, to civilian targets that provide many essential services to citizens.
SCADA Password-Cracking Tool For Siemens S7 PLCs Released
22 Jan 2013
A Russian security researcher has unleashed a brute-force password-cracking tool that can capture passwords for Siemens S7 PLCs (programmable logic controllers), which run machinery in power plants and manufacturing sites.
New advisory from ICS-CERT provides mitigation details for a vulnerability that impacts SpecView products
18 Jan 2013
Independent researcher Luigi Auriemma identified a directory traversal vulnerability with proof-of-concept (PoC) exploit code affecting SpecView, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. Successful exploitation could result in data leakage and file manipulation.
Red October malware discovered after years of stealing data in the wild
18 Jan 2013
A shadowy group of hackers has siphoned intelligence data worldwide from diplomatic, government, and scientific research computer networks for more than five years. Red October uses a number of security vulnerabilities in Microsoft Excel, Word, and PDF document types to infect PCs, smartphones, and computer networking equipment. It also uses Web-based Java exploits.