Showing posts with label CIIP. Show all posts

Tuesday, May 29, 2007

New mailing list on SCADA security and IT/infosec in relation to Critical Infrastructure

I've started a mailing list on SCADA security ("cyber security") and IT/infosec in relation to Critical Infrastructure. It already has a number of good, initiated members from academia, vendors, users, government agencies, etc.

Drop me a note at rom * romab * com if you are interested in participating.

Monday, May 28, 2007

The attacks on Estonia

This post summarizes last month's attacks on the digitally interconnected parts of one of Sweden's neighboring countries, Estonia.

The network attacks, different types of DoS and DDoS attacks, have spurred a flood of articles in newspapers and magazines. The attacks against Estonian Web sites started after the April 27 removal of a statue known as the Bronze Soldier, an old Soviet monument. The attacks have come and gone for close to a month.

Infoworld had an article on the subject of picking someone your own size. In the Washington Post they quote the Estonian defence minister saying: "We identified in the initial attacks IP numbers from the Russian governmental offices". If it's true, that assault, and the way it was initially executed, is really bad politics.

There have been several longer articles on the recent events. The well-known magazine The Economist pointed out in an article titled Newly nasty, with the subheading Defences against cyberwarfare are still rudimentary, that:

For the first time, a state faced a frontal, anonymous attack that swamped the websites of banks, ministries, newspapers and broadcasters; that hobbled Estonia's efforts to make its case abroad.


Many accusations are pointing to Russia, but there is not (yet) much in the news to give any clear indication of who, what or where the attacks are ultimately directed from. The head of the Estonian CERT, Hillar Aarelaid, made an Estonian government web. Even the Estonian defense minister made some strong comments, according to the article Estonia urges firm EU, NATO response to new form of warfare: cyber-attacks in The Sydney Morning Herald:


"The EU and NATO need to work out a common legal basis to deal with cyber attacks. For example, we have to agree on how to tackle different levels of criminal cyber-activities, depending on whether what we are dealing with is vandalism, cyber-terror or cyber-war," he [Hillar Aarelaid, head of CERT-EE] said.


The article also notes that the NATO defence ministers will discuss cyber defence at a meeting in Brussels in June. It might be both good and bad to have the big players starting to take an interest in this area. Probably mostly bad, since the questions will get out of the hands of skilled people and into the hands of politicians.

On the positive side, there are two good articles on the subject from two Internet gurus. Kurt-Erik "kurtis" Lindqvist has a very good writeup on the whole situation, Real lessons learned from the attacks on Estonia. Patrik "paf" Fältström has a shorter, but more graphical, overview of the situation. These accounts certainly show how far the media manage to twist a covered story away from the original story.

Friday, October 13, 2006

Process control networks and critical information infrastructure

Security in society's information infrastructure, or critical base infrastructure, is a major concern these days. The reasons for this are, among other things:
  • The trend is that events that happen in the physical domain (e.g. sabotage, obstruction) also start to happen in the electronic (often called "cyber") domain.
  • Many systems were designed long ago according to simple functional requirements, not to withstand a modern (potentially) hostile IT environment.
  • There are many people looking for new hot topics in the information security market....

Anyway, this article can serve as a simple starting point for this topic.

The helpful people at the UK's National Infrastructure Security Co-ordination Centre (NISCC) have produced quite some information in this area, including best practice documents, architecture and design recommendations, etc.

A good place to get fresh information on embedded systems security, process control systems security, etc. is the SCADA Security Blog hosted by Digital Bond. Not only do they have some nice information, they've also produced a number of tools that might be useful. Cisco's Critical Infrastructure Assurance Group (CIAG) is another interesting place with some information.

SANS recently held a webcast on Cyber Attacks Against SCADA and Control Systems. Eric Byres talked about "his" ISID database of published incidents or attacks against process control systems, and the sponsor Symantec talked some about their pen tests against process control systems. I have several problems with the ISID database:
  • The researchers draw a number of conclusions from a statistically limited number of incidents.
  • The lack of publicly available information. I can live with the fact that some data is hidden to protect the participating organizations, but the basic stuff, such as the definitions of "accidents", "incidents", etc., should be available for the data to be usable.
I also have problems with not being able to get the research articles they've written on the subject.
I've tried to get some info from Eric and others at BCIT. So far all I've got is bounced mail....

DHS has released a report on the Cyber Storm exercise, a large-scale exercise with simulated attacks on critical infrastructure components. It describes, among other things, how important it is to get communication (oral, human communication) and trust working between the involved parties during a crisis situation. In a context where you have a mix of governmental bodies, commercial entities and other organisations without established and trustworthy channels, this might be a major problem. The exercise was done in the US, but I'd say that the conclusion is general and would be appropriate to most countries in the event of an attack against the critical infrastructure.

Other, older, reports and documents of interest include:
  • The GAO has also released an interesting report called Critical Infrastructure Protection: DHS Leadership Needed to Enhance Cybersecurity.
  • The National Infrastructure Advisory Council report on prioritizing cyber vulnerabilities.