No-Intel Monitoring Tip: Changes
While having a conversation with someone at ICSJWG last week about how to focus limited resources on detecting “bad things” with little or no early intel, an interesting idea developed. Beyond looking specifically at critical data and physical assets, would it be worthwhile to pay specific attention to areas of the target environment to which […]
TAC Signs MOU with ICS-ISAC
Recently, the NESCO Tactical Analysis Center (TAC) entered into a Memorandum of Understanding (MOU) with the Industrial Control Systems Information Sharing and Analysis Center (ICS-ISAC). This represents our agreement to work together on information sharing initiatives related to control systems. Operational details will be worked out over the next few months, but we expect this relationship to […]
Keeping the Cybersecurity Boat Afloat
There is much wisdom to be found in classic TV shows. To continue from last week’s I Love Lucy cybersecurity analogy, let’s explore the parables of Gilligan’s Island. The plot line for this show involves a group of castaways stranded on a tropical island after their tour boat was shipwrecked in a storm. The crew and passengers left port […]
Hiding the Chocolate
In a classic episode of the television show I Love Lucy, Ethel and Lucy attempt to work at a chocolate candy factory. One of their work assignments involves wrapping chocolates as they go by on a conveyor belt. They are warned that if even a single candy goes by unwrapped, they will be fired. Things start off easy […]
Open Source IOC Utilities
Of the many formats for expressing threat data, OpenIOC is garnering a lot of attention in the incident responder space. While the schema that describes the OpenIOC format is open-source, the tools used to process that data are often proprietary. At the 8th Annual EnergySec Summit, Jeff Bryner gave a presentation about a set of open source […]
Back To Basics
One of the themes that has been present in our direct communications with asset owners is that better adherence to basic security principles and practices will do more to raise the bar against attacks than purchasing the latest security widget du jour. The reason is that most advanced adversaries employ sophistication in the recon and […]
Measuring Security – It’s Like Taking Your First Baby Steps
Industrial Control System (ICS) security is a tough business to be in. There are a lot of things you aren’t allowed to touch. You are consistently learning that you really don’t know anything about anything. And to make things worse, there are no standard security metrics being used in the industry to help you manage the […]
Securing the Power Grid One Spoonful at a Time
In a recent post on LinkedIn, Larry Karisny wrote, “If we are to detect, audit and secure critical infrastructure we need to think small not big.” This quote is being taken out of context, but it is a great start to a discussion about how to address cybersecurity in the electric sector. Considering the sheer […]
Incident: Telvent Breach
On September 26, a media report outlining the compromise of control system vendor Telvent (owned by Schneider Electric) was released. Since then, we have received additional details and independent confirmation of the breach. It appears that a known group of malicious actors broke into Telvent and stole control-system-specific information from them. Due to some of Telvent’s support […]