Tag: heartbleed

Industrial Control Cyber Security USA 2017 Cyber Senate conference

“The security threats to U.S. critical infrastructure span the digital divide” Presented by Idaho National Labs this October in Sacramento

The security threats to U.S. critical infrastructure span the digital divide. Recent attacks, like those in the Ukraine, blend the cyber and physical environment to cause confusion within and damage to the production environment. Modern cyber defense requires sophisticated operational tactics and strategies. Although cyber hygiene is essential for fending off the daily barrage of lower level threats that can impair an organization’s performance, few companies are prepared for a targeted attack on their core operational processes from an advanced adversary.

If it can be programmed, it can be hacked. This daunting reality facing our interconnected and digital environments has been described as a battle to be won every day by cybersecurity professionals.

Control systems present unprecedented challenges as they are transitioned to a modern architecture based on digital control systems and increasingly wireless communications systems. This transition creates a paradox – more efficient, effective operation, but dramatically increased vulnerabilities and attack surfaces.

INL’s unparalleled capabilities in nuclear nonproliferation and cybersecurity are fundamentally changing how the nation and world approach complex threats to nuclear assets, energy systems and cyber-physical systems.

• Internationally recognized nonproliferation experts with real-world experience in nuclear facility inspection, physical protection, modeling and simulation, material science, physics and engineering.
• Comprehensive instrumentation and control, cyber and nuclear nonproliferation capabilities with similar nuclear infrastructure and examination equipment found worldwide.
• INL’s full-scale infrastructure includes isolated, industry-scale power grid, water and telecommunication distribution systems to provide an expansive and unique test site that can replicate critical services across a region or municipality.
• Inclusive nuclear security approach that allows for field and laboratory technology evaluation.
• Replication of typical control system network for architecture reviews and system hygiene to support asset owners in securing their systems.
• Protocol analysis, reverse engineering and cybersecurity forensics to advance persistent threat mitigations for the nuclear industry.
• Cyber-informed risk methods and unique engineering methodologies and tools designed to anticipate cyber and physical security risk, and inform investment strategies.
• Frameworks for prioritization of investments and threat indicators to inform an advanced security profile for high-consequence operations.

Safeguarding critical infrastructure including the power grid, nuclear materials and facilities is inextricably linked to the cybersecurity of the command and control environment.

These environments are complicated by instrumentation and controls that are continuously connected with information technology and wireless communications.

An integrated cyber physical security approach is essential to address the resiliency of the power and nuclear installations and continuity of operations.

INL’s world-leading cyber and industrial control systems security experts are changing the way the nation and the world meet the unique security demands of operational environments.

Cyber Senate 4th annual Industrial Control Cybersecurity Europe conference

Why USB devices are still the #1 source of malware in Industrial Control Systems, presented by Honeywell

This September in London and October in Sacramento, we learn from Honeywell why USB devices are still the #1 source of malware in ICS. This discussion will help you understand how USB devices can pose a threat even without malware, including:
o Surprisingly effective HID attacks
o More advanced threats posed by rogue network devices, serial adapters and more
Participants in London and Sacramento will see real examples of the impact these attacks can pose to ICS, plus Eric Knapp, Global Director of Cyber Security Solutions and Chief Cyber Security Engineer for Honeywell Process Solutions, asks “Are these really advanced? Do you even have to worry about this?”

This year all critical national infrastructure are invited to join both shows free as an initiative to further cyber resilience in both public and private domains!
Contact Daryl Fig for your free guest pass for your team at daryl.fig@cybersenate.com

4th Annual Industrial Control Cyber Security Europe
Millennium Gloucester Hotel
London United Kingdom
September 19/20th
www.industrialcontrolcyberseceurope.com
Headline Sponsors Leidos
Co Sponsors Honeywell
Associate Sponsor Verve Industrial Protection
Associate Sponsor Airbus

Network and share best practice with leaders from Nuclear, Water, Oil and Gas, Chemical, Automotive and Smart Grid sectors

4th Annual Industrial Control Cyber Security USA Summit
The Sutter Club
Sacramento California
October 3/4
www.industrialcontrolcybersecusa.com
Co-Sponsors
Cyber Ark
Honeywell
Unisys

Associate Sponsors
Attivo Networks

Further events you won’t want to miss from the Cyber Senate:
European Rail Cyber Security Working Group, September 11/12th London
Aviation Cyber Security Summit, November 21/22 London United Kingdom
www.cybersenate.com

Cyber Senate 4th annual Industrial Control Cybersecurity Europe conference

4th Annual Industrial Control Cyber Security Europe Summit London September 19/20th

ICS and the need for public and private information sharing

The cyber attacks from the last week have affected entities globally, from telecommunication infrastructure to medical facilities across the UK to European utilities as well as multiple other types of industries and consumers. The WannaCry ransomware will go down in history for setting an example of how malicious software can disrupt global networks, leaving systems crippled until demands are met.

This highlights so many issues we at the Cyber Senate have been working so hard to bring to our forums. We believe there is so much work to be done to fully understand how we can better develop a culture of awareness within our organisations, and how we address the skills gap in our industry. We need to have a better understanding of the risks of 3rd party applications and the supply chain, as well as better educate procurement. There is still much work to do in developing synergies between IT and OT divisions wrestling with convergence, in understanding that compliance doesn’t equal security and that just because “you’re not connected to the internet” does not mean you’re cyber secure. Those are just a few areas where we need better insight. On another note, how many ICS systems are still running an unpatched version of Windows XP?

Cyber attacks that impact critical national infrastructure can ultimately cost lives. That is why these discussions are so important. These events are built to facilitate public and private information sharing, to assist you and your team in understanding how your industry counterparts are meeting the challenge, what you are doing right, wrong, and to help define “what is best practice?”

We hear a lot about vendor accountability and disclosure, which is another piece of this puzzle that needs to be addressed. We, however, believe people are the most important factor in the cyber kill chain. Technology will never tick all the boxes; it can and does fail, and so do humans. It is how we get up, respond, move forward and learn from these lessons that counts.

We hope to meet you in 2017. If we can help you bridge the gap, do not hesitate to reach out.

The Cyber Senate announce ICS ISAC Alliance

ICS-ISAC Chair Chris Blask noted that Cyber Senate is an example of an information sharing organization which spans key demographics. “The mission of information sharing involves many stakeholder groups across the entire global community. Cyber Senate captures key thought leaders and works to share information among them and with critical communities. We see Cyber Senate as a highly valuable organization and are pleased to support the good work they are doing.”

New Trojan based campaign, apparently focused on the Middle East, targeting energy companies and specifically trade secrets.

According to Symantec, “A new information stealer, Trojan.Laziok, acts as a reconnaissance tool allowing attackers to gather information and tailor their attack methods for each compromised computer.”

More information can be found on Symantec’s blog, and we highly suggest familiarising your firm with this latest threat: although it is focused on the Middle East, it started as a “Multi staged attack campaign against energy companies around the world.”

http://www.symantec.com/connect/blogs/new-reconnaissance-threat-trojanlaziok-targets-energy-sector

the Industrial Control Systems Cyber Emergency Response Team received and responded to 245 incidents reported by asset owners and industry partners.

“The Energy Sector led all others again in 2014 with the most reported incidents” Please find the report here https://ics-cert.us-cert.gov/sites/default/files/Monitors/ICS-CERT_Monitor_Sep2014-Feb2015.pdf
“Of the total number of incidents reported to ICS-CERT, roughly 55 percent involved advanced persistent threats (APT) or sophisticated actors. Other actor types included hacktivists, insider threats, and criminals. In many cases, the threat actors were unknown due to a lack of attributional data.”
Those involved in the security sector, however, are quoting numbers far higher than this, as many incidents go unreported.

The Department of Homeland Security join as Key Note Speakers

The Cyber Senate are pleased to announce Mr Marty Edwards, Director ICS CERT, Department of Homeland Security will be joining us as the Key Note speaker on October 13th and 14th in Sacramento California for the 2nd annual Industrial Control Cyber Security USA conference. 

Assistant Deputy Director, National Cybersecurity and Communications Integration Center (NCCIC)
Director, Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
Department of Homeland Security

Marty Edwards is the Director of the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), an operational division of the department’s National Cybersecurity and Communications Integration Center (NCCIC) and the DHS Office of Cybersecurity and Communications (CS&C). ICS-CERT works to reduce industrial control system risks within and across all critical infrastructure and key resource sectors by coordinating efforts among federal, state, local and tribal governments, as well as industrial control systems owners, operators and vendors. In collaboration with the other NCCIC components, the ICS-CERT responds to and analyzes control systems related incidents, conducts vulnerability and malware analysis, and shares and coordinates vulnerability information and threat analysis through products and alerts.

Mr. Edwards has over 20 years of experience and brings a strong industrial control system industry focus to DHS. Before coming to the ICS-CERT, Mr. Edwards was a program manager focused on control systems security work at Idaho National Laboratory. Prior to his work at the laboratory, Mr. Edwards held a wide variety of roles in the instrumentation and automation fields, including field service, instrument engineering, control systems engineering and project management. Mr. Edwards has also held various positions in nonprofit organizations, including Chairman of the Board for one of the automation communities’ largest user group conferences. Mr. Edwards holds a diploma of technology in Process Control and Industrial Automation (Magna cum Laude) from the British Columbia Institute of Technology.

Attack on Pakistan Grid leaves 140 million without electricity

According to Skynews, “some 140 million people were left without electricity after a transmission line was attacked, knocking out the national grid.”

Power has been restored to much of Pakistan after more than 140 million people were plunged into darkness due to an apparent rebel attack on a key power line.

Up to 80% of the country’s population lost electricity in the early hours of Sunday and disruption was reported at Lahore’s international airport, but flights were not affected.

Common Cyber Attacks: Reducing The Impact – CERT UK

“In GCHQ we continue to see real threats to the UK on a daily basis, and I’m afraid the scale and rate of these attacks shows little sign of abating.”
Robert Hannigan
Director GCHQ
http://goo.gl/2RaCGD

Operation Dragonfly Imperils Industrial Protocol

Jul 02, 2014
Reblogged with permission; original article here: http://blogs.mcafee.com/mcafee-labs/operation-dragonfly-imperils-industrial-protocol

Recent headlines (here and here) may have struck fear into those living near major energy installations due to references about the Stuxnet malware. In 2009, this particular strain of malware caused significant damage to the Natanz nuclear facility, reportedly destroying a fifth of Iran’s nuclear centrifuges. Recent reports about Operation Dragonfly, however, appear to be focused on espionage (at least for now), and the scope of the attack appears to be considerably broader than that of Stuxnet.

The Cyber Senate announces two international Industrial Control Cyber Security meetings to address Critical National Infrastructure threats

Key Government, Oil and Gas, Electric and Water Utilities have agreed to share professional and collective insight at two conferences, being held back to back in London, United Kingdom and Sacramento California, to address security threats surrounding industrial  and process automation systems, the backbone of our global energy infrastructure.

A highly anticipated “Heartbleed” demonstration will be provided by the Finnish security firm responsible for  and “outing” the Heartbleed Bug, Codenomicon. The presentation will focus on “The impact and what you need to know.”

The National Institute of Standards and Technology (NIST), Chief Cyber Security Advisor, recently confirmed  both conference locations and will be presenting on “The development and standardization of cyber security  and processes,” as well as hosting a roundtable discussion on current developments.

Further authorities on both sides of the Atlantic have been confirmed in their respective regions, in London, United Kingdom, this  Scottish and Southern Energy, Electrilivi, Alliander, Security Working Group ETSI-CEN-CENELEC, United Utilities, Stedin and Laborelec GDF Suez. In Sacramento California, contributions include NERC, , Abu Dhabi Marine Operating Company, EPRI, NCI Security, New York University, and Pacific Gas Electric.

The Industrial Control Cyber Security Conference in Europe will take place on September 29th and 30th
Further information can be found at www.industrialcontrolsecurityeurope.com

The Industrial Control Cyber Security USA conference in Sacramento California will be held on October 6th and 7th. Further information can be found at www.industrialcontrolsecurityusa.com

The Cyber Senate is an exclusive community of global Cyber Security leaders with unparalleled knowledge and , creating a common voice for the Cyber Security industry. We host events and information sharing forums to address key topics across industry sectors such as Energy, Transport, Healthcare and Medical Devices.

Contact Information

James Nesbitt

james@sagacity-media.com

http://www.industrialcontrolsecurityeurope.com

2070961754

James Nesbitt

The Cyber Senate, a Division of Sagacity Media

http://www.sagacity-media.com

442070961754

Industrial Control Security Europe and USA Call for Papers

Contact James Nesbitt +44 (0) 207 096 1754 or james@sagacity-media.com
All stakeholders have a new responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure. Public and Private partnerships are paramount and information sharing on an international level a priority. We will be addressing key areas of vulnerability, threat detection, mitigation, and planning for the Utilities and Oil and Gas sectors. 

The ICS Energy Europe conference is brought to you by the Cyber Senate, an exclusive community of authoritative global leaders with unparalleled experience and knowledge in both Cyber and Industrial Control sectors.