The protection of infrastructure such as nuclear power or control systems pitchers warhead missiles in countries like USA, France and England, is one of the areas where more resources are invested, since the consequences of a hypothetical attack could be devastating. And, even remotely, and by many measures taken the risk exists as private experts say.
It is unrealistic to set long-term goals considering as such the horizon 2017-2018, as proposed in the Roadmap industrial cybersecurity Spain. Like it or not, in a sector where some still use PLC operating systems and protocols over 20 years old, 5 years is a period, at most, half, at least for now.
The North American Electric Reliability Council (NERC) will hold its own war game this month with a simulated attack on the U.S. power grid. The drill, called GridEx II, will take place on November 13-14. The participants will include 65 utilities and eight regional transmission organizations, representing most of the nation’s electricity customers. The drill will test how well the electric utility industry and the grid itself respond to physical and cyber attacks.
Cybersecurity strategy and actions - The Automation Federation is leading the way for the protection of U.S. critical infrastructure
11 Nov 2013
Cyberattacks on industrial operations are a growing concern with potential to disrupt the economy and do harm. NIST and the White House have called on the Automation Federation to help implement the cybersecurity framework called for in Presidential Executive Order 13636. The Automation Federation and ISA continue to participate in the NIST Cybersecurity Framework Workshops..
Report: UN Nuclear Regulator infected with malware
4 Nov 2013
The United Nations’ nuclear regulatory body, the International Atomic Energy Agency (IAEA), announced yesterday that it found malicious software on a number of its machines, but that its networks have not been compromised. According to a Reuters report, the infected computers were housed in a common area of the IAEA’s Vienna, Austria headquarters, known as the Vienna International Center.
Researchers Uncover Holes That Open Power Stations to Hacking
4 Nov 2013
A pair of researchers have uncovered more than two dozen vulnerabilities in products used in critical infrastructure systems that would allow attackers to crash or hijack the servers controlling electric substations and water systems. The vulnerabilities include some that would allow an attacker to crash or send a master server into an infinite loop, preventing operators from monitoring or controlling operations. Others would allow remote code-injection into a server, providing an opportunity for an attacker to open and close breakers at substations and cause power outages.
Spanish Secretariat of State for Security will create a Coordination Office in Cybernetics
4 Nov 2013
In the opening ceremony of the Global Center for Cybersecurity Operations, CyberSoc, Secretary of State for Security Spanish, Francisco Martinez, gave a talk entitled "Cybersecurity: A public-private partnership" , which highlighted the importance of rapid exchange of information and collaboration between the public and private "to give a coordinated response to cyber threats".In addition, with a view to improving coordination and responsiveness to cybersecurity incidents, Francisco Martinez, who has been cited as main objectives prevent the terrorist threat and the protection of critical infrastructure, today announced that the Secretariat of State for Security will create a Coordination Office in Cybernetics.
US government releases draft cybersecurity framework
4 Nov 2013
The National Institute of Standards and Technology released its draft cybersecurity framework for private companies and infrastructure networks on Tuesday. These standards are part of an executive order that President Obama proposed in February. The aim of NIST's framework is to create guidelines that companies can use to beef up their networks and guard against hackers and cybersecurity threats. Adopting this framework would be voluntary for companies. NIST is a non-regulatory agency within the Department of Commerce.
Final conference of CloudCERT European project to present its results achieved
28 Oct 2013
The European project CloudCERT which is co-financied by the European Union (EU) and whose project consortium is co-ordinated by INTECO, is holding its Final Conference on November 22 at the Spanish Secretariat of State of telecommunications and information society (SETSI) in Madrid (Spain). The conference will present the results obtained during the execution of the project (2012-2013), demonstrating the CloudCERT platform for sharing cyber-security information that it has produced, as well as the various other deliverables generated by the project.
Could Attackers Really Bring Down the Power Grid With This Widely Used Protocol?
28 Oct 2013
Vulnerabilities identified by researchers Chris Sistrunk and Adam Crain stem from the use of industrial control system protocols called DNP3, which enable SCADA (supervisory control and data acquisition) systems to communicate between master control centers and remote units, such as substations through which electric power flows. By gaining access to the remote units, either physically through break-ins at the units or, less frequently, remotely through wireless technology, attackers can leverage buggy implementations of DNP3 to send bad data or messages back to the utility's control servers, potentially crippling electric utilities' control over their networks.