Industrial Defender - Cyber Security Intelligence for Critical Infrastructure/SCADA

2008.05.14 - Industry News - NATO allies sign agreement on cyber defense center

Wed, 14 May 2008 17:14:08 -0400

The Associated Press,
14 May 2008

NATO allies sign agreement on cyber defense center
BRUSSELS, Belgium: Seven NATO allies signed a deal Wednesday to fund a research center to boost the alliance's defenses against cyber attacks, seen as a growing threat to military and civilian computer networks.

2008.05.08 - Industry News - Hundreds of U.K. critical infrastructure facilities at flood risk

Fri, 9 May 2008 10:29:41 -0400

Homeland Security Daily Wire,
08 May 2008

Hundreds of U.K. critical infrastructure facilities at flood risk
A study triggered by last summer’s deadly U.K. floods concludes that hundreds of U.K. power substations and water treatment plants are at risk from flooding, thus compounding and exacerbating the consequences of natural disasters.

2008.05.08 - Industry News - Rare SCADA bug poses power plant risk

Fri, 9 May 2008 10:27:08 -0400

John Leyden,
The Register,
08 May 2008

Rare SCADA bug poses power plant risk
Security watchers warn of a rare vulnerability involving software used to control industrial systems. A denial of service vulnerability in monitoring software from Invensys poses a severe risk to the factories and utilities running its Wonderware subsidiary's InTouch SuiteLink application.

2008.05.08 - Industry News - Hundreds of U.K. critical infrastructure facilities at flood risk

Fri, 9 May 2008 10:20:50 -0400

2008.05.05 - Industry News -Defense, intelligence could take major role in cyber defense

Tue, 6 May 2008 11:16:06 -0400

Bob Brewin ,
nextgov.com,
05 May 2008

Defense, intelligence could take major role in cyber defense
The Bush administration this week could release its ambitious plan to defend government networks from cyberattacks, but recent news reports and a February 2008 budget supplement indicates that the Defense Department and intelligence agencies could lead the effort.

2008.05.05 - Industry News -DHS cybersecurity strategy draws fire

Tue, 6 May 2008 11:16:05 -0400

Alice Lipowicz,
FCW.com,
05 May 2008

DHS cybersecurity strategy draws fire
The Homeland Security Department’s ambitious cybersecurity initiative might be relying too much on contractors and might not be providing enough information to the public, according to two key senators.

2008.05.02 - Industry News -Lieberman and Collins Step Up Scrutiny of Cyber Security Initiative

Tue, 6 May 2008 10:18:47 -0400

Press Release,
Senate Committee on Homeland Security and Governmental Affairs,
02 May 2008

Lieberman and Collins Step Up Scrutiny of Cyber Security Initiative
Secrecy, Overuse of Contractors, Role of Private Sector at Stake
WASHINGTON - Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, ID-Conn., and Ranking Member Susan Collins, R-Me., are seeking detailed explanations from the Department of Homeland Security regarding a new initiative to secure federal information technology systems.

2008.04.30 - Industry News -The Art of Cyber Warfare, Part 2: Digital Defense

Thu, 1 May 2008 16:55:18 -0400

Jack Germain,
E-Commerce Times,
30 April 2008

The Art of Cyber Warfare, Part 2: Digital Defense
Cyber warfare is a sort of irregular warfare, a strategy usually employed by underdogs fighting a stronger enemy. Cyber attack tactics, however, are sometimes backed by strong forces. To defend against such an attack, exercises like Cyber Storm involve wide stretches of both public and private sectors of American infrastructure.

2008.04.29 - Industry News -The Art of Cyber Warfare, Part 1: The Digital Battlefield

Thu, 1 May 2008 16:51:48 -0400

Jack Germain,
E-Commerce Times,
29 April 2008

The Art of Cyber Warfare, Part 1: The Digital Battlefield
Computer network attacks are often perpetrated by gangs of criminal hackers attempting to break into a system for financial gain. However, cyber attacks for political purposes could just as easily be -- and sometimes are -- perpetrated. A country's national security could be severely threatened should a team of hackers successfully crack certain computer systems.

2008.04.28 - Industry News -Homeland security's cyber eyes

Thu, 1 May 2008 16:47:58 -0400

Alan Joch,
FCW,
28 April 2008

Homeland security's cyber eyes
Security experts roll out new techniques to try to keep up with today’s stealthy, transnational cyberattacks

When it comes to hacking and cyber espionage, few targets are as popular as the U.S. government. According to the U.S. Computer Emergency Readiness Team, federal agencies reported 12,986 cyberattacks in 2007 compared with 3,569 two years earlier.

2008.04.28 - Industry News -Cybersecurity’s new world order

Thu, 1 May 2008 16:44:08 -0400

Ben Bain,
FCW,
28 April 2008

Cybersecurity’s new world order
A year after massive cyberattacks virtually shut down Internet operations in Estonia, government officials here and abroad are still learning to adapt to a world in which technology, diplomacy and defense converge.

2008.04.28 - Industry News -Experts struggle with cybersecurity agenda

Thu, 1 May 2008 16:42:52 -0400

William Jackson,
Government Computer News,
28 April 2008

Experts struggle with cybersecurity agenda
Whoever becomes our next president will inherit a cyber infrastructure under almost constant attack and at greater risk than eight years ago, and a handful of experts and legislators have come together to ensure that cybersecurity has a high priority in his or her administration.

2008.04.25 - Industry News -DHS moves to ramp up cybersecurity in federal agencies

Tue, 29 Apr 2008 09:52:18 -0400

Chris Strohm,
GovernmentExecutive.com,
25 April 2008

DHS moves to ramp up cybersecurity in federal agencies
The Homeland Security Department plans to complete an analysis in about 45 days to determine which U.S. government computer networks are most vulnerable to cyberattacks, with the intention of deploying 50 new intrusion detection systems to federal agencies by the end of the year, a top U.S. cybersecurity official said Friday.

2008.04.25 - Industry News -Cyber-Attacks and Cyber-Disasters: Are You Prepared?

Fri, 25 Apr 2008 10:30:07 -0400

Kevin Coleman,
TechNewsWorld,
25 April 2008

Cyber-Attacks and Cyber-Disasters: Are You Prepared?
In 2007, a denial-of-service attack was launched every 53 minutes. Earlier this year, the loss of an undersea cable resulted to the loss of Internet service for entire regions. Businesses that rely to any measure on the Web must secure their businesses against the possibility of large-scale cyber-attacks and disasters, writes strategic management consultant Kevin Coleman.

2008.04.24 - Industry News -Critical infrastructure central to cyber threat

Fri, 25 Apr 2008 10:28:31 -0400

Ben Bain ,
FCW.com,
24 April 2008

Critical infrastructure central to cyber threat
The United States is increasingly vulnerable to cyberattacks that could have catastrophic effects on critical physical infrastructure, and severely damage the country’s economic, military and strategic interests, cybersecurity specialists said today.

2008.04.17 - Industry News -Beware the insider security threat

Thu, 17 Apr 2008 14:32:57 -0400

Andy McCue,
Silicon.com,
17 April 2008

Beware the insider security threat
Employees and insiders are bigger threats to corporate security than external threats such as denial of service attacks or malware.

2008.04.17 - Industry News -S'pore pledges US$52M against cyber threats

Thu, 17 Apr 2008 14:31:49 -0400

Vivian Yeo ,
ZDNet Asia,
17 April 2008

S'pore pledges US$52M against cyber threats

SINGAPORE--The government today announced it will pump S$70 million (US$51.6 million) over the next five years to boost its cyber defenses and guard against emerging threats.

2008.04.17 - Industry News -Security experts split on "cyberterrorism" threat

Thu, 17 Apr 2008 14:30:36 -0400

Mark Trevelyan,
Reuters,
17 April 2008

Security experts split on "cyberterrorism" threat

LONDON (Reuters) - International experts called on Wednesday for greater cooperation to fight threats to computer networks but they differed on the definition of cyberterrorism, with a top British security official describing it as a "myth".

2008.04.16 - Industry News -IG: DHS need cyber security coordination office

Thu, 17 Apr 2008 14:29:07 -0400

Alice Lipowicz ,
FCW.com,
16 April 2008

IG: DHS need cyber security coordination office

The Homeland Security Department is moving too slowly to protect its most critical internal computer systems, according to a new from the department’s inspector general, Richard Skinner.

2008.04.16 - Company News - Frost & Sullivan Acknowledges Industrial Defender as Market Leader in Critical Infrastructure Cyber Security Protection

Thu, 17 Apr 2008 14:28:24 -0400

Press Release,
Frost & Sullivan ,
16 April 2008
Palo Alto, Calif. - April 16, 2008 - Based on its recent analysis of the cyber risk management solutions market for process control & SCADA environment, Frost & Sullivan presents Industrial Defender Inc. with the 2008 Global Frost & Sullivan Company of the Year Award.

2008.04.16 - Company News - Frost & Sullivan Acknowledges Industrial Defender as Market Leader in Critical Infrastructure Cyber Security Protection

Wed, 16 Apr 2008 10:02:37 -0400

Press Release,
Industrial Defender, Inc. ,
16 April 2008
FOXBOROUGH, Mass., April. 16, 2008 - Industrial Defender, Inc., the global leader in Cyber Risk Protection(TM), today announced that it is the recipient of the 2008 Global Risk Management Process Control & SCADA Company of the Year Award by Frost & Sullivan, a leading global growth consulting company.

2008.04.10 - Industry News -Bush's Cyber Secrets Dilemma

Fri, 11 Apr 2008 14:30:27 -0400

Andy Greenberg,
Forbes,
10 April 2008

Bush's Cyber Secrets Dilemma

SAN FRANCISCO, CALIF. - There's a problem facing the Bush administration: It has $30 billion to spend over the next five to seven years to keep the U.S. safe from hackers and cyberspies. But to extend that protection to the nation's critical infrastructure--including banks, telecommunications and transportation--it needs the cooperation of the private sector.

2008.04.09 - Industry News -DHS Chief Says Current Defenses 'Insufficient' to Handle Evolving Threats

Fri, 11 Apr 2008 14:30:26 -0400

Tim Wilson,
Dark Reading,
09 April 2008

DHS Chief Says Current Defenses 'Insufficient' to Handle Evolving Threats

SAN FRANCISCO -- RSA Conference 2008 -- Michael Chertoff, secretary of the U.S. Department of Homeland Security, is a long way from feeling secure.

In a keynote address and press conference yesterday here, Chertoff discussed the threats faced by government and business, the progress of federal cyber security efforts, and the state of current security technology. And he believes a lot more work needs to be done on all of those fronts.

2008.04.09 - Industry News -Water, water, everywhere under attack

Fri, 11 Apr 2008 14:30:21 -0400

Alice Lipowicz,
Washington Technology,
09 April 2008

Water, water, everywhere under attack

Water utilities should begin work immediately to secure their systems against catastrophic cyberattack, according to a new strategy document sponsored by the American Water Works Association and Homeland Security Department.

2008.04.09 - Industry News -Experts hack power grid in no time

Fri, 11 Apr 2008 14:30:07 -0400

Tim Greene,
Network World ,
09 April 2008

Experts hack power grid in no time

SAN FRANCISCO -- Cracking a power company network and gaining access that could shut down the grid is simple, a security expert told an RSA audience, and he has done so in less than a day.

2008.04.09 - Industry News -Air Force pushing ahead on cyberspace

Fri, 11 Apr 2008 14:29:55 -0400

Ben Bain ,
FCW.com
09 April 2008

Air Force pushing ahead on cyberspace

The Air Force is finalizing a doctrine that will guide its operations in cyberspace, a domain in which the service plans to invest $5 billion during coming years as it works to establish its new Cyber Command. .

2008.04.09 - Industry News -Chertoff wants early warning system for infrastructure attacks

Thu, 10 Apr 2008 17:35:44 -0400

Associated Press,
CNN,
09 April 2008

Chertoff wants early warning system for infrastructure attacks

SAN FRANCISCO (AP) -- Federal cybersecurity officials are trying to develop an early warning system that alerts authorities to incoming computer attacks targeting critical U.S. infrastructure, Homeland Security Secretary Michael Chertoff said.

2008.04.08 - Industry News -Breaking into a power station in three easy steps

Wed, 9 Apr 2008 14:32:12 -0400

Elinor Mills,
Cnet News,
08 April 2008

Breaking into a power station in three easy steps

"I will tell (you) how to break into a nuclear reactor," Ira Winkler, president of security firm ISAG said as he launched into his presentation on "How to Take Down the Power Grid" at RSA 2008 on Tuesday night.

"Frankly, it's really easy to break into the power grid," he said. "It happens all the time."

2008.04.04 - Industry News -U.S. reveals plans to hit back at cyberthreats

Mon, 7 Apr 2008 11:22:42 -0400

Tom Espiner,
Cnet News,
04 April 2008

U.S. reveals plans to hit back at cyberthreats

The U.S. Air Force Cyber Command is developing capabilities to inflict denial of service, confidential data loss, data manipulation, and system integrity loss on its adversaries, and to combine these with physical attacks, according to a senior U.S. general.

2008.03.24 - Incidents- Limerick (PA) nuclear power station shut from full power

Tue, 25 Mar 2008 12:12:36 -0400

Reuters,
24 MAR 2008

Exelon Pa. Limerick 1 reactor shut

NEW YORK, March 24 (Reuters) - Exelon Corp's (EXC.N: Quote, Profile, Research) 1,134-megawatt Unit 1 at the Limerick nuclear power station in Pennsylvania shut from full power on March 22, the company said in a release.

The shutdown occurred due to a problem with the main turbine control system on the electrical distribution side of the plant. In the release, the company said operators were making repairs.

2008.03.13 - Industry News - Bush calls for tighter cybersecurity

Mon, 17 Mar 2008 10:22:14 -0400

Richard Wolf,,
USA Today,
13 March 2008

Bush calls for tighter cybersecurity

WASHINGTON - A sudden spike in the number of successful attacks against federal government information systems and databases has led President Bush to propose a multibillion-dollar response.

2008.03.13 - Industry News - Cyberexercise shows need for better training to avoid major network failures

Mon, 17 Mar 2008 09:46:07 -0400

Jill R. Aitoro,
GovernmentExecutive.com,
13 March 2008

Cyberexercise shows need for better training to avoid major network failures

Workers operating networks supporting the nation's critical infrastructure such as telecommunications and transportation need better training on how to manage backup systems in case cyberattacks take down main systems, said a top Homeland Security Department official Thursday.

2008.03.12 - Industry News - Insiders are the greatest threat to companies' security

Wed, 12 Mar 2008 14:29:51 -0400

DHSDailyWire.com,
12 March 2008

Insiders are the greatest threat to companies' security

There is a 72 percent likelihood that the next successful attack on your company will come from an insider, says IBM Tivoli executive

The recent scandal at French bank Société Générale has highlighted, if such highlighting was necessary, how vulnerable companies are to insider threats, speakers said Tuesday at the European Computer Audit Control and Security Conference in Stockholm. "Despite all the press and focus on hacking and viruses, there is a 72 percent likelihood that the next successful attack will come from an insider, according to statistics from ISCSA Labs," said Marne Gordan, GRC market manager at IBM Tivoli. Because such users are already on the inside they can cause a lot of damage, and go undetected for a long time. Reasons for users turning on their employers include financial gain, curiosity and good old-fashioned revenge, according to Gordan.

2008.03.10 - Industry News - U.S. officials: "Cyber Warfare Is Already Here"

Mon, 17 Mar 2008 10:36:11 -0400

HSDailyWire.com,
10 March 2008

U.S. officials: "Cyber Warfare Is Already Here"

U.S. officials say China, Russia, and possibly other nation-states are capable of collecting or exploiting data held on U.S. information systems; Director of National Intelligence says especially worrisome is the ability of other countries to destroy data in the system: "And the destroying data could be something like money supply, electric power distribution, transportation sequencing and that sort of thing"

2008.03.10 - Industry News - Analysis: DHS stages cyberwar exercise

Tue, 11 Mar 2008 09:49:07 -0400

Shaun Waterman ,
Middle East Times,
10 March 2008

Analysis: DHS stages cyberwar exercise

WASHINGTON, March 10 (UPI) -- Officials from 18 federal agencies, nine states, four foreign governments and more than three dozen private companies will take part in a cyberwar exercise staged by the U.S. Department of Homeland Security this week.

2008.03.09 - Industry News - Fed Networks Increasingly Under Siege

Mon, 10 Mar 2008 14:00:14 -0400

Courtney Mabeus ,
PCWorld,
09 March 2008

Fed Networks Increasingly Under Siege

Richard Westfield acknowledges his small agency, the National Labor Relations Board, doesn't possess the most sought-after data in government. But that doesn't mean his agency is not a target for hackers.

The agency’s computers are linked to other networks. "Once they have access to the network," Westfield said, "They can use that as a launch pad to other organizations."

2008.03.09 - Industry News - Chinese Hackers Worry Pentagon

Mon, 10 Mar 2008 13:58:51 -0400

PCWorld,
09 March 2008

Chinese Hackers Worry Pentagon

WASHINGTON (Reuters) - China is developing weapons that would disable its enemies' space technology such as satellites in a conflict, the Pentagon said in a report released last week.

The report also said "numerous" intrusions into computer networks around the world, including some owned by the U.S. government, in the past year seem to have originated in China.

2008.03.06 - Industry News - House Security Committee Passes Chemical Plant Anti-Terrorism Bill

Mon, 10 Mar 2008 17:51:29 -0400

Greenpeace,
06 March 2008,

House Security Committee Passes Chemical Plant Anti-Terrorism Bill

WASHINGTON, DC - March 6 - In a bipartisan vote, led by U.S. Rep. Bennie Thompson (D-MS), the House Homeland Security Committee today passed the "Chemical Facilities Anti-Terrorism Act of 2008." The bill would significantly strengthen the Department of Homeland Security's (DHS) regulations and create a permanent law to address the risks posed by chemical facilities.

2008.03.06 - Industry News - U.S. unprepared for ongoing cyberwar, say top military and intelligence officials

Fri, 7 Mar 2008 10:44:09 -0500

Bob Brewin,
GovernmentExecutive.com,
06 March 2008

U.S. unprepared for ongoing cyberwar, say top military and intelligence officials

The United States is in the midst of a cyberwar and is not prepared to deal with it, top Defense Department and intelligence officials acknowledged this week.

"Cyberwarfare is already here.... It's one of our major challenges," said Defense Deputy Secretary Gordon England on Monday at the annual National Community Service and Legislative Conference of the Veterans of Foreign Wars.

2008.03.06 - Industry News - Nato says cyber warfare poses as great a threat as a missile attack

Fri, 7 Mar 2008 10:32:21 -0500

Bobbie Johnson,
guardian.co.uk,
06 March 2008

Nato says cyber warfare poses as great a threat as a missile attack

Nato is treating the threat of cyber warfare as seriously as the risk of a missile strike, according to a senior official.

A London conference was told that online espionage and internet-based terrorism now represent some of the gravest threats to global security.

2008.03.04 - Industry News - Pentagon: China's computer hacking worries Pentagon

Wed, 5 Mar 2008 10:28:35 -0500

Julian E. Barnes,
LATimes.com,
04 March 2008

China's computer hacking worries Pentagon

A report says the country now has the ability to get into networks around the world.

WASHINGTON - China in the last year has developed ways to infiltrate and manipulate computer networks around the world in what U.S. defense officials conclude is a new and potentially dangerous military capability, according to a Pentagon report issued Monday.

2008.03.03 - Industry News - FPL Announces Preliminary Findings of Outage Investigation

Wed, 5 Mar 2008 10:30:15 -0500

ElectricEnergyOnline.com,
03 March 2008

FPL Announces Preliminary Findings of Outage Investigation

Juno Beach, Fla., March 3, 2008 - Florida Power & Light Company announced preliminary findings of its ongoing investigation into the cause of an outage affecting approximately 584,000 customers on Tuesday, Feb. 26.

2008.03.03 - Industry News - Pentagon: Cyberattacks appear to come from China

Wed, 5 Mar 2008 09:46:36 -0500

Bob Brewin,
GovernmentExecutive.com,
03 March 2008

Pentagon: Cyberattacks appear to come from China

The Defense Department said Monday that cyberattacks in 2007 against computer networks operated by governments and commercial institutions around the world "appear" to have originated within China -- marking the first time the Pentagon has so visibly pinned the blame against China for cyberattacks.

2008.03.01 - Industry News - Human error caused outage

Wed, 5 Mar 2008 09:44:32 -0500

Eve Samples,
Palm Beach Post ,
01 March 2008

Human error caused outage

A blunder by a field engineer working alone at one of Florida Power & Light Co.'s substations appears to have triggered the blackout that left at least 2 million Floridians without power Tuesday.

2008.02.28 - Industry News - Cyber-Security: Ignore At Your Peril

Fri, 29 Feb 2008 10:57:38 -0500

Scott Louis Weber,
Forbes,
28 Feb 2008

Cyber-Security: Ignore At Your Peril

In the 2001 attack on the World Trade Center, al-Qaida accomplished three goals: It caused a massive loss of life, it destroyed an icon of American prosperity and it wreaked havoc on Wall Street and the U.S. economy. Economic destruction continues to be a goal of terrorists and other bad actors, and cyber attacks are an increasingly popular and effective weapon.

2008.02.28 - Industry News - DHS gives itself a 'C' for cybersecurity

Fri, 29 Feb 2008 10:56:08 -0500

Jill R. Aitoro,
GovernmentExecutive.com,
28 Feb 2008

DHS gives itself a 'C' for cybersecurity

The top ranking official in the Homeland Security Department's national protection division called the agency's efforts in cybersecurity satisfactory, assigning a grade of 'C' during congressional testimony Thursday. But members of Congress called the grade inadequate, emphasizing the need for better collaboration with agency technology leaders, real-time response to system attacks, and metrics that measure the ability to protect networks from specific threats rather than system compliance.

2008.02.20 - Industry News - Power restored to parts of Florida after outage

Wed, 27 Feb 2008 10:09:26 -0500

CNN,
27 Feb 2008

Power restored to parts of Florida after outage

MIAMI, Florida (CNN) -- Power was restored Tuesday for most of Florida after a failed switch and fire at an electrical substation outside Miami triggered widespread blackouts across the state.

2008.02.26 - Incidents- Massive power outage hits Florida

Tue, 26 Feb 2008 17:22:53 -0500

CNN,
26 FEB 2008

Massive power outage hits Florida

MIAMI, Florida (CNN) -- A "significant equipment failure" at a substation west of Miami triggered Tuesday afternoon's blackouts around southern Florida, a Florida Power & Light official said.

Utility spokeswoman Aletha Player said an investigation is ongoing, and provided no details of the failure. But she said the 700,000 customers affected by the outage in southern Florida should have power restored by 5:30 p.m.

2008.02.20 - Industry News - Analysis: Terrorism 2.0

Wed, 20 Feb 2008 15:53:04 -0500

Middle East Times,
20 Feb 2008

Analysis: Terrorism 2.0

BRUSSELS, Feb. 20 (UPI) -- Terrorism and wars of the future won't be fought outdoors but from the comfort of our own homes, behind our computer screens. With cyberattacks on the rise and gaining in destructive capability, the threat to the international community is beyond current regulations and defense mechanisms, a panel of experts said last week.

2008.02.13 - Industry News - Pentagon: Cyberattacks appear to come from China

Thu, 14 Feb 2008 13:42:42 -0500

EurActiv.com,
13 Feb 2008

Pentagon: Cyberattacks appear to come from China

The military alliance has agreed to set up a new body to coordinate responses to cyber attacks carried out against its members and gather intelligence to prevent them from happening in the future, a NATO official said.

2008.02.11 - Industry News - Cyberterrorism, Inc

Mon, 11 Feb 2008 11:53:19 -0500

Peter Buxbaum,
ISN,
11 Feb 2008

Cyberterrorism, Inc

A new report says that 2008 will see an expansion of economic espionage in which nation-states and companies will use cybertheft of data to gain economic advantage in multinational deals.

2008.02.07 - Industry News - Spending for IT security gains ground in 09 budget

Thu, 14 Feb 2008 13:46:05 -0500

Wyatt Kash,
GCN- Government Computer News,
07 Feb 2008

Spending for IT security gains ground in 09 budget

If President Bush’s 2009 budget request indeed reflects his priorities, then securing the government’s information technology systems appears to have the president’s attention.

2008.02.11 - Industry News - Welcome to Cyberwar Country, USA

Mon, 11 Feb 2008 11:51:35 -0500

Marty Graham,
Wired,
11 Feb 2008

Welcome to Cyberwar Country, USA

BARKSDALE AIR FORCE BASE, Louisiana -- When a reporter enters the Air Force office of William Lord, a smile comes quickly to the two-star general's face as he darts from behind his immaculate desk to shake hands. Then, as an afterthought, he steps back and shuts his laptop as though holstering a sidearm.

2008.02.10 - Industry News - Combating Enemies Online: State-Sponsored and Terrorist Use of the Internet

Mon, 11 Feb 2008 11:49:33 -0500

James Jay Carafano and Richard Weitz,
Hawaii Reporter,
10 Feb 2008

Combating Enemies Online: State-Sponsored and Terrorist Use of the Internet

Even before the terrorist attacks of Sept. 11, 2001, security experts were becoming increasingly concerned about the vulnerability of U.S. computer systems and associated infrastructure. The 9/11 attacks amplified these concerns.

2008.02.01 - Industry News - Cyber Security Breach

Mon, 4 Feb 2008 09:29:10 -0500

Bruce Gellerman,
Living on Earth,
01 Feb 2008

Cyber Security Breach

As power companies increasingly use the internet to manage their power grids, they’re also becoming increasingly vulnerable to hacker attacks that could shut down power and destroy facilities, all with the click of a mouse. Host Bruce Gellerman speaks with Alan Paller, director of research at the SANS Institute, which specializes in security systems education.

2008.01.31 - Industry News - Threats from everywhere in 'cyber storm'

Mon, 11 Feb 2008 11:47:47 -0500

Ted Bridis,
Associated Press,
31 Jan 2008

Threats from everywhere in 'cyber storm'

WASHINGTON - In the middle of the biggest-ever "Cyber Storm" war game to test the nation's hacker defenses, someone quietly targeted the very computers used to conduct the exercise.

2008.01.29 - Industry News - Industry experts question $6 billion Bush cybersecurity plan

Fri, 1 Feb 2008 09:54:48 -0500

Jill R. Aitoro,
GovernmentExecutive.com,
29 Jan 2008

Industry experts question $6 billion Bush cybersecurity plan

A system that focuses on network protection will do little to fend off intruders, industry sources argue in response to reports that President Bush will allocate $6 billion in his 2009 budget to a cybersecurity project meant to shield communication networks from terrorists and hackers.

2008.01.19 - Incidents- CIA: Hackers to Blame for Power Outages

Wed, 23 Jan 2008 11:37:51 -0500

Associated Press,
19 JAN 2008

CIA: Hackers to Blame for Power Outages

WASHINGTON (AP) - Hackers literally turned out the lights in multiple cities after breaking into electrical utilities and demanding extortion payments before disrupting the power, a senior CIA analyst told utility engineers at a trade conference.

All the break-ins occurred outside the United States, said senior CIA analyst Tom Donahue. The U.S. government believes some of the hackers had inside knowledge to cause the outages. Donahue did not specify what countries were affected, when the outages occurred or how long the outages lasted. He said they happened in "several regions outside the United States."

2008.01.17 - Industry News - NERC Cyber Security Standards to Become Mandatory in United States

Thu, 17 Jan 2008 15:22:03 -0500

NERC Press Release ,
17 JAN 2008

NERC Cyber Security Standards to Become Mandatory in United States

PRINCETON, N.J., Jan. 17, 2008 - In a major move toward ensuring the reliability of the electric grid, the Federal Energy Regulatory Commission (FERC) today approved eight cyber security and critical infrastructure protection standards proposed by NERC. Set to become mandatory when the Commission’s order becomes effective in approximately 60 days, the standards will require bulk power system users, owners, and operators in the U.S. to identify and document cyber risks and vulnerabilities, establish controls to secure critical cyber assets from physical and cyber sabotage, report security incidents, and establish plans for recovery in the event of an emergency. The standards are already mandatory in Ontario and New Brunswick in Canada.

2008.01.16 - Industry News - Weak control system security threatens U.S.

Wed, 16 Jan 2008 15:24:50 -0500

Joab Jackson ,
GCN.com,
16 JAN 2008

Weak control system security threatens U.S.

NEW ORLEANS - Weak security on infrastructure control systems may eventually put the country at risk for a coordinated attack on utilities, warned Jerry Dixon, former acting director of the Homeland Security Department’s National Cyber Security Division.

2008.01.11 - Incidents - Schoolboy hacks into city's tram system

Wed, 16 Jan 2008 15:26:39 -0500

Graeme Baker,
Telegraph.co.uk,
11 JAN 2008

Schoolboy hacks into city's tram system

A teenage boy who hacked into a Polish tram system used it like "a giant train set", causing chaos and derailing four vehicles.

The 14-year-old, described by his teachers as a model pupil and an electronics "genius", adapted a television remote control so it could change track points in the city of Lodz.

2008.01.05 - Industry News - Feds confirm 2006 security violation at OR nuclear plant

Thu, 10 Jan 2008 13:20:42 -0500

Frank Munger ,
KnoxNews.com,
05 JAN 2008

Feds confirm 2006 security violation at OR nuclear plant

OAK RIDGE - Federal inspectors have confirmed a late 2006 security breach in which an unauthorized laptop computer was taken into a high-security area at the Y-12 nuclear weapons plant. They also found that Y-12's cyber security personnel did not respond properly after the breach was discovered.

2007.12.28 - Industry News - USAF wants to build Cyber Control System

Wed, 2 Jan 2008 14:12:21 -0500

Brian Robinson ,
Washington Technology,
28 Dec 2007

USAF wants to build Cyber Control System

As part of its evolving cyberwarfare strategy, the Air Force is looking for input on how to construct a command and control system that would support defensive and offensive operations in the event of an all-out attack on the country’s information infrastructure.

2007.12.27 - Industry News - NIST: Fed agencies should mount penetration attacks

Wed, 2 Jan 2008 14:12:20 -0500

Jack Rogers ,
scmagazineus.com,
27 Dec 2007

NIST: Fed agencies should mount penetration attacks

In the final draft of its upcoming security guidelines for protecting federal information systems, the National Institute of Standards and Technology (NIST) is recommending that federal agencies conduct regular penetration tests to determine whether their networks can be breached.

2007.12.27 - Industry News - Experts fail government on cybersecurity

Wed, 2 Jan 2008 14:12:19 -0500

Ryan Blitstein ,
San Jose Mercury News ,
27 Dec 2007

Experts fail government on cybersecurity

Efforts criticized for deficient funds, lack of understanding of threat's size

SAN JOSE, CALIF.: Since the outbreak of a cybercrime epidemic that has cost the American economy billions of dollars, the federal government has failed to respond with enough resources, attention and determination to combat the cyberthreat, a San Jose Mercury News investigation reveals.

2007.12.19 - Industry News - Irate Unix Administrator Admits Trying To Sabotage California Power Grid

Fri, 21 Dec 2007 10:56:33 -0500

Charles Babcock ,
Information Week,
19 Dec 2007

Irate Unix Administrator Admits Trying To Sabotage California Power Grid

A contract Unix system administrator pleaded guilty to trying to disrupt a data center where he was employed in Folsom, Calif., by hammering the safety glass of an emergency power shut-off, then pushing the shut-down button.

2007.12.18 - Industry News - House approves $34.9B for homeland security

Thu, 20 Dec 2007 17:20:25 -0500

Alice Lipowicz,
Washington Technology,
18 Dec 2007

House approves $34.9B for homeland security

The omnibus spending bill approved by the House of Representatives yesterday includes $34.9 billion in baseline funding for the Homeland Security Department in fiscal 2008 and boosts major departmental information technology contracting efforts focused on U.S. Visit and the Real ID Act of 2005.

2007.12.10 - Industry News - FERC seeks industry cyber-security plans

Tue, 11 Dec 2007 10:10:28 -0500

Associated Press (AP),
cnnmoney.com,
10 Dec 2007

FERC seeks industry cyber-security plans

WASHINGTON (AP) - Federal energy regulators said Monday they have asked the White House to approve a rule that requires the electric industry to submit detailed reports about its progress in addressing potential cyber-security vulnerabilities.

2007.12.10 - Industry News - China suspected in hacking attempt on Oak Ridge National Lab

Mon, 10 Dec 2007 17:03:30 -0500

hsdailywire.com,
10 Dec 2007

China suspected in hacking attempt on Oak Ridge National Lab

In October about 1,100 employees at the Oak Ridge National Lab received versions of seven phishing e-mails which appeared legitimate; eleven employees opened the e-mails' attachments, which enabled the hackers to infiltrate the Lab's system and remove data; Last week DHS circulated memo to security experts pointing to China as the source of the October hacking at the weapon lab.

2007.12.07 - Incidents - Hackers launch major attack on U.S. military labs

Mon, 10 Dec 2007 11:40:40 -0500

John E. Dunn,
techworld.com,
07 Dec 2007

Hackers launch major attack on U.S. military labs

Sophisticated cyber attacks break into computer systems at the U.S. military's Oak Ridge National Laboratory in Tennessee and Los Alamos National Laboratory in New Mexico

2007.12.07 - Incidents - Cyber hackers infiltrate ORNL (Oak Ridge National Laboratory)

Fri, 7 Dec 2007 13:18:34 -0500

Frank Munger,
Knoxnews.com),
07 Dec 2007

Cyber hackers infiltrate ORNL (Oak Ridge National Laboratory)

OAK RIDGE - Oak Ridge National Laboratory was the target of a "sophisticated cyber attack" that potentially gave hackers access to the personal information of thousands of visitors to the lab from 1990 to 2004, the laboratory confirmed Thursday.

2007.11.30 - Industry News - Government-sponsored cyberattacks on the rise, McAfee says

Mon, 3 Dec 2007 09:25:38 -0500

Jon Brodkin ,
Computer World,
30 Nov 2007

Government-sponsored cyberattacks on the rise, McAfee says

Big Brother -- someone's Big Brother -- is actively messing with you

November 30, 2007 (Network World) -- Governments and allied groups worldwide are using the Internet to spy and launch cyberattacks on their enemies, targeting critical systems including electricity, air traffic control, financial markets and government computer networks, according to McAfee's annual report examining global cybersecurity.

2007.11.29 - Industry News - Insider charged with hacking California canal system

Fri, 30 Nov 2007 11:42:57 -0500

Robert McMillan ,
Computer World,
29 Nov 2007

Insider charged with hacking California canal system

Ex-supervisor installed unauthorized software on SCADA system, indictment says

November 29, 2007 (IDG News Service) -- SAN FRANCISCO -- A former employee of a small California canal system has been charged with installing unauthorized software and damaging the computer used to divert water from the Sacramento River.

2007.11.29 - Incidents - Enbridge eyes quick restart after pipe blast

Fri, 30 Nov 2007 12:10:15 -0500

Jeffrey Jones and Scott Haggett,
Reuters (AP),
29 Nov 2007

Enbridge eyes quick restart after pipe blast

CALGARY (Reuters) - Enbridge Inc (ENB.TO) on Thursday said it expects to quickly restart its huge pipeline system, the day after a deadly blast in Minnesota killed two workers and briefly choked off 10 percent of oil imports to the world's top consumer.

2007.11.29 - Industry News - World faces "cyber cold war" threat

Thu, 29 Nov 2007 10:28:42 -0500

Peter Griffiths,
Reuters,
29 Nov 2007
LONDON (Reuters) - A "cyber cold war" waged over the world's computers threatens to become one of the biggest threats to security in the next decade, according to a report published on Thursday.

2007.11.19 - Industry News - NIST addresses security for industrial controls systems

Wed, 21 Nov 2007 14:09:12 -0500

William Jackson,
Government Computer News,
19 Nov 2007
The National Institute of Standards and Technology has released an initial draft of new security guidelines for government information technology systems used for industrial control processes. The guidelines are in a revised appendix to NIST Special Publication 800-53, "Recommended Security Controls for Federal Information Systems."

2007.11.13 - Industry News - Asymmetric cyber threat

Thu, 15 Nov 2007 14:26:27 -0500

James A. Lyons Jr.,
Washington Times,
13 Nov 2007
One asymmetric threat to our military forces and the nation is "cyber terrorism." Our advanced technologically based military forces - dependent on our satellites, critical infrastructure computers, the Internet, secure software programming, computer-driven telecommunications, air traffic control centers and other sophisticated sensor systems - are tempting targets for cyber terrorism.

2007.11.06 - Industry News - White House officials ask for $154 million in new cybersecurity spending

Wed, 7 Nov 2007 13:56:43 -0500

Jason Miller ,
FCW.com,
06 Nov 2007
White House officials today asked Congress for more than $436 million in new cybersecurity and counterterrorism programs in the Homeland Security and Justice departments’ fiscal 2008 spending bills.wants the next administration to address.

2007.11.05 - Industry News - Panel must narrow cybersecurity scope

Tue, 6 Nov 2007 13:33:17 -0500

Jason Miller ,
FCW.com,
05 Nov 2007
31 experts form a commission to give next president their advice on network defenses

A new blue-ribbon panel that will develop cybersecurity recommendations for the next president faces a compressed schedule and the challenge of agreeing on a cybersecurity agenda that it wants the next administration to address.

2007.11.02 - Incidents - Arizona Nuclear Power Plant Off Lockdown After Security Alert

Tue, 6 Nov 2007 09:05:42 -0500

Associated Press (AP),
FOXNews.com,
02 Nov 2007
WINTERSBURG, Ariz. - Security officials at the nation's largest nuclear power plant detained a contract worker with a small, crude explosive device in the back of his pickup truck Friday, and investigators were searching his apartment, authorities said.

2007.10.29 - Industry News - Controlling Hackers

Thu, 1 Nov 2007 16:15:59 -0400

Ken Silverstein,
EnergyBizInsider,
29 Oct 2007
Violent lunatics bent on the destruction of western civilization are one thing. Silent computer hackers who can whittle away at the nation's infrastructure are another.

Federal and industry experts say that the technology that allows utilities to run their operations is more vulnerable now than ever before. Because those networks are becoming increasingly standardized and linked to other centralized systems, they can be more easily breached and the resulting disturbances can be enormous.

2007.11.01 - Industry News - Al Qaeda Sets a Date for Cyber Jihad

Thu, 1 Nov 2007 10:04:29 -0400

Ben Worthen,
Wall Street Journal (wsj.com),
01 Nov 2007
Earlier this week, an Israeli counter-terrorism group discovered an announcement on an Arabic Web site: Jihadists are going to launch a coordinated cyber attack on 15 Western Web sites on November 11. They plan to expand the attack "until hundreds of thousands of Islamist hackers are in action against untold numbers of anti-Muslim sites.

2007.10.31 - Industry News - Public utility's bare insecurities

Tue, 30 Oct 2007 15:00:19 -0400

Richard Bray, columnist, CIO Government Review,
InterGovWorld.com,
31 Oct 2007
The shocking image of an electrical generator ripping itself apart in a simulated hacking attack opens a CNN report on SCADA (supervisory control and data acquisition) vulnerabilities.

The computer network attached to the generator has been breached and the SCADA controller settings changed to make it self-destruct.

2007.10.30 - Industry News - New U.S. tack to defend power grid - Lawmakers are on alert as hackers increase attacks on US infrastructure.

Tue, 30 Oct 2007 09:52:38 -0400

Mark Clayton ,
The Christian Science Monitor,
30 Oct 2007
For nearly five years, the US government has struggled to guard the nation's electric grid, drinking water, and other critical infrastructure from cyberattack. But as hackers continue to infiltrate such systems, and as reports surface of a surge in computer attacks on the electric grid, experts and lawmakers have an urgent message for the Bush administration: Cybersecurity defenses need an overhaul.

2007.10.30 - Industry News - Cyber security committee about to form -Experts say hackers are a step ahead.

Tue, 30 Oct 2007 09:51:00 -0400

Jason Embry ,
Statesman.com,
30 Oct 2007
Computer hackers muscled their way into a power plant's control system and destroyed an electric generator earlier this year at an Idaho lab, a sign of vulnerability in the country's power grids.

The Idaho breach, some of which aired later on CNN, was an experiment conducted for the Department of Homeland Security to see how well the country could resist cyber attacks. It also made U.S. Rep. Michael McCaul, R-Austin, more than a little uneasy.

2007.10.24 - Industry News - Rep. Thompson presses DHS for information on cyber initiative

Thu, 25 Oct 2007 14:47:22 -0400

Jason Miller ,
FCW.com,
24 Oct 2007
Rep. Bennie Thompson (D-Miss.) is frustrated by the lack of response from the Homeland Security Department and the Office of the Director for National Intelligence about a reportedly new cybersecurity program the National Security Agency is developing.

2007.10.24 - Industry News - Security incidents and trends in SCADA and process industries

Wed, 24 Oct 2007 09:56:47 -0400

Eric Byres,David Leversage and Nate Kube,
The Industrial Ethernet Book - Vol. 39,
May 2007
Supervisory Control and Data Acquisition and industrial control systems, with their traditional reliance on proprietary networks and hardware, have long been considered immune to the cyber attacks suffered by corporate information systems. Unfortunately, both academic research and in-the-field experience indicate misplaced confidence.The move to open standards such as Ethernet,TCP/IP, and web technologies allows hackers and virus writers to take advantage of the control industry’s ignorance.The result is a growing number of unpublicised cyber-based security events that are affecting critical infrastructure and manufacturing industries.

2007.10.19 - Industry News - Congress: Power Grid Defense Is Weak

Mon, 22 Oct 2007 09:54:10 -0400

Lisa Vaas,
eWeek.com,
19 Oct 2007
In the wake of the Idaho National Laboratory test that blew up an electrical generator with a simulated cyber-attack and revealed the fragility of the nation's electrical infrastructure, a congressional panel on cyber-security is calling for an investigation into how well electric sector owners and operators have implemented security mitigations developed by the U.S. Department of Homeland Security and Department of Energy.

2007.10.19 - Industry News - U.S. power grid is increasingly vulnerable to attack

Fri, 19 Oct 2007 16:36:51 -0400

HS Daily Wire,
19 Oct 2007
U.S. power system is worth more than $1 trillion, comprising more than 200,000 miles of transmission lines and more than 800,000 megawatts of generating capability; it serves more than 300 million; Congressional panel, describing industry-developed security standards as "woefully inadequate, "examines how well operators have implemented security measures developed by DHS, DOE

2007.10.19 - Industry News - Experts says proposed security standards for power grid not enough

Fri, 19 Oct 2007 13:43:53 -0400

Jaikumar Vijayan,
ComputerWorld.com,
19 Oct 2007
Significant number of interdependent assets still exposed, say critics

October 19, 2007 (Computerworld) -- New cybersecurity standards proposed by the North American Electric Reliability Corp. (NERC) to protect the nation's power infrastructure are not broad enough and fail to cover a significant number of interdependent assets.

The standards also give electric utility owners, operators and users too much discretion when it comes to implementing the prescribed controls, a group of experts told members of the House Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology on Wednesday.

2007.10.18 - Industry News - Tighter security over power plant computer systems urged

Fri, 19 Oct 2007 13:32:39 -0400

Jill R. Aitoro,
GovExec.com,
18 Oct 2007
Current regulations to protect the control systems that support power plants nationwide fall short of federal recommendations, posing a serious threat to the electric infrastructure and national security, witnesses testified at a hearing Wednesday. One lawmaker threatened legislation if standards don't improve.

The hearing before the House Homeland Security Subcommittee on Emerging Threats, Cybersecurity and Science and Technology was prompted by a simulation that highlighted vulnerabilities in the computers that run water, power and chemical plants. In the March Aurora Generator test, researchers from the Idaho National Laboratories created a video for the Homeland Security Department simulating a cyberattack on a power plant's control system. The attack caused a generator to self-destruct.

2007.10.18 - Industry News - Internet Compromises Power Grid Security, Witnesses Say

Fri, 19 Oct 2007 13:45:11 -0400

Rob Margetta,
CQ.com,
18 Oct 2007
The electronic infrastructure that operates America’s power grids is more at risk of cyber-attack than ever because of operating systems connected to the Internet, according to witnesses at a House subcommittee hearing Wednesday.

Jim Langevin, D-R.I., chairman of the House Homeland Security Cybersecurity Subcommittee, bashed a set of regulatory standards recommended by the Federal Energy Regulatory Commission (FERC) for the "control systems" that protect the power industry’s systems.

Several witnesses joined him in this assessment, and recommended that the Department of Homeland Security develop a better system for guiding private industry efforts to secure control systems.

2007.10.18 - Industry News - DOE to Provide Nearly $8 Million to Safeguard the Nation's Energy

Fri, 19 Oct 2007 13:26:35 -0400

Newsblaze.com,
18 Oct 2007
U.S. Department of Energy (DOE) Assistant Secretary for Electricity Delivery and Energy Reliability Kevin M. Kolevar today announced five projects that have been selected for negotiation of awards of up to $7.9 million in DOE funding to develop and integrate technologically- advanced controls and cyber-security devices into our electric grid and energy infrastructure.

2007.10.17 - Industry News - Will cyberintrusions crash U.S. electrical grid?

Thu, 18 Oct 2007 09:47:30 -0400

Anne Broache ,
CNET news.com,
17 Oct 2007
WASHINGTON--Some critics of the U.S. government's cybersecurity efforts might argue that nothing short of a bomb going off--or, well, purported Chinese cyberattacks on feds' machines--will land the issue more notice.

This time around, the wake-up call for politicians was, indeed, an explosion: In September, U.S. Homeland Security officials revealed that researchers at the Idaho National Laboratory had managed to destroy a small electrical generator through a simulated cyberattack. A few weeks ago, CNN aired a gloom-and-doom segment featuring snips from the once-classified video showing the device going up in smoke.

2007.10.16 - Industry News - How to Take Down the Power Grid

Wed, 17 Oct 2007 14:21:04 -0400

Ira Winkler,
Internet Evolution,
16 Oct 2007
The first time I broke into our country’s electrical power grid was a decade or so ago. Hacking into the control systems set up by utility companies wasn’t surprising then, and it isn’t surprising now. While people find this shocking, it really isn’t. When you think about how insecure computer infrastructures are, why would you think that the power grid would be any more secure? Frankly, the power grid is even less secure than most other computer networks. I wrote about it many times, including some details in my recent book, Spies Among Us.

All of this came back to me as I watched news stories about "Hackers Blow Up a Generator." The Department of Homeland Security (DHS) put out a video showing a test from Idaho Nuclear Laboratory where someone broke into a SCADA (Supervisory Control and Data Acquisition) computer and caused the generator to run wild until it blew itself up.

2007.10.11 - Industry News - NERC-CIP: 'Critical' or in 'Critical Condition'?

Tue, 16 Oct 2007 17:08:48 -0400

Warren Causey and Mike Smith (Sierra Energy Group),
Energy Pulse,
11 Oct 2007
North American Energy Reliability Corp. Critical Infrastructure Protection (NERC-CIP) standards are a product of the Northeast blackout of 2003 and the terrorist attacks of 2001. Following those events, politicians were clamoring for something to be done to guarantee more reliability for the grid, and protection for the software systems that monitor and today increasingly control the transmission and distribution grids, along with generation and everything else utilities do. Congress controls FERC (the Federal Energy Regulatory Commission), so pressure was applied there.

2007.10.08 - Industry News - When the price for protection is too high

Fri, 12 Oct 2007 14:16:12 -0400

William Jackson ,
GCN.com,
08 Oct 2007
Word is getting around about what appears to be another foray by the government into domestic intelligence gathering. According to news reports, the National Security Agency is making plans to take the lead in a federal initiative to monitor and protect the control and communications networks that serve the nation’s critical infrastructure.

Security can be a good thing, but it comes at a price that must be considered. In this case, we need to ask: Is the government equipped to do the best job of protecting these networks, and do we want to entrust this job to them? The answer to both questions is no.

2007.10.10 - Industry News - Updated homeland security strategy emphasizes resilience

Thu, 11 Oct 2007 15:26:55 -0400

Alice Lipowicz ,
FCW.com,
10 Oct 2007
The Bush administration released this week an updated National Strategy for Homeland Security that emphasizes newer concepts, such as developing resilient infrastructure, while including familiar themes, such as deterring terrorism through more effective information sharing.

2007.10.10 - Industry News - DHS offers baseline for U.S. IT security skills

Thu, 11 Oct 2007 15:24:56 -0400

Brian Robinson,
FCW.com,
10 Oct 2007
The Homeland Security Department recently published a draft of a framework of knowledge and skills it believes the United States needs to prevent cyberattacks.

Development of the "IT Security Essential Body of Knowledge" (EBK) began in 2003, when the DHS National Cyber Security Division (NCSD) began working with the Defense Department, academia and private industry to examine workforce IT certifications and what would be needed to advance security skills.

2007.10.10 - Industry News - Cisco Folds Security Research Group

Wed, 10 Oct 2007 13:35:55 -0400

Kelly Jackson Higgins,
Dark Reading
10 Oct 2007
An internal security research group within Cisco was quietly shuttered over the past few days as part of a restructuring effort.

The group is part of Cisco's Critical Infrastructure Assurance Group (CIAG), which is focused on improving the security of global critical infrastructure with research, training, education, best practices, and standards development. Cisco has not publicly announced the move.

2007.10.04 - Industry News - Industrial controls have very specific security needs

Tue, 9 Oct 2007 10:43:03 -0400

Ellen Fussell Policastro,
ISA InTech
04 Oct 2007
Security is a big deal, but when it comes to securing control systems, that is a whole different can of worms, so to speak.

The industry needs special security measures for their special needs. On Wednesday, Chris Martin with Industrial Defender was on hand in the Security XPod to give an overview of how these special products can help users secure their SCADA and DCS systems and networks. They are specifically engineered for the SCADA and DCS environment. The products are different than other security measures because they "stop at the plant perimeter, and the edge of the process control network," Martin said. "We don’t sell our solutions into the enterprise. We feel there are unique characteristics and solutions sold on the corporate side that are not applicable for the plant side."

2007.10.01 - Industry News - Remarks of Cybersecurity and Communications Assistant Secretary Greg Garcia at the National Cyber Security Awareness Month Kick-Off Summit

Tue, 9 Oct 2007 10:35:33 -0400

Remarks of Cybersecurity and Communications Assistant Secretary Greg Garcia,
Department of Homeland Security (DHS),
01 Oct 2007
...We’re in a time of increasing global threats to our cyber infrastructures and to the services, systems, and assets that depend on them. While these at-risk-systems are vast, they easily fade into the background of everyday life. The local ATM, the overhead lights, and the water faucets are all dependant on larger, more comprehensive systems controlled by it networks.

An exploited vulnerability in one of these it control systems could range from the annoying to the catastrophic. Our adversaries would like nothing more than to gain control of our financial markets, power generation plants, water purification facilities, or transportation systems. That’s why, here in our Nation’s capital, as in any American city, cyber vulnerabilities can have real world consequences.

2007.10.01 - Industry News - Much work to be done as National Cyber Security Awareness Month begins

Tue, 9 Oct 2007 10:32:40 -0400

Dan Kaplan ,
SC Magazine,
01 Oct 2007
A joint McAfee and National Cyber Security Alliance study, released today to kick off National Cyber Security Awareness Month, reports that while 98 percent of 378 respondents believe keeping security software up to date is important, less than half -48 percent- of their computers had not been updated in the past month.

2007.09.27 - Industry News - Mouse click could plunge city into darkness, experts say

Thu, 27 Sep 2007 12:41:37 -0400

Jeanne Meserve ,
CNN,
27 Sept 2007
WASHINGTON (CNN) -- Researchers who launched an experimental cyber attack caused a generator to self-destruct, alarming the government and electrical industry about what might happen if such an attack were carried out on a larger scale, CNN has learned.

Sources familiar with the experiment said the same attack scenario could be used against huge generators that produce the country's electric power.

2007.09.27 - Industry News - US video shows simulated hacker attack

Thu, 27 Sep 2007 12:38:05 -0400

Ted Bridis and Eileen Sullivan ,
Associated Press (AP),
27 Sept 2007
WASHINGTON (AP) -- A government video shows the potential destruction caused by hackers seizing control of a crucial part of the U.S. electrical grid: an industrial turbine spinning wildly out of control until it becomes a smoking hulk and power shuts down.

The video, produced for the Homeland Security Department and obtained by The Associated Press on Wednesday, was marked "Official Use Only." It shows commands quietly triggered by simulated hackers having such a violent reaction that the enormous turbine shudders as pieces fly apart and it belches black-and-white smoke.

2007.09.25 - Incidents - Radar fails in Memphis; hundreds of flights affected

Wed, 26 Sep 2007 09:39:29 -0400

CNN.com,
25 Sept 2007
ATLANTA, Georgia (CNN) -- Air traffic controllers were forced to use their personal cell phones to reroute hundreds of flights Tuesday after the Federal Aviation Administration's Memphis Center lost radar and telephone service for more than two hours, snarling air traffic in the middle of the nation.

2007.09.24 - Incidents - Investigators: Homeland Security computers hacked

Wed, 26 Sep 2007 09:37:10 -0400

CNN.com,
24 Sept 2007
WASHINGTON (CNN) -- Hackers compromised dozens of Department of Homeland Security computers, moving sensitive information to Chinese-language Web sites, congressional investigators said Monday.

Investigators pointed a finger at a government contractor, saying the firm hired to protect DHS computers tried to hide the incidents from the department.

2007.09.20 - Industry News - NSA to defend against hackers

Tue, 25 Sep 2007 09:17:04 -0400

Siobhan Gorman ,
Baltimore Sun,
20 Sept 2007
Privacy fears raised as spy agency turns to systems protection
In a major shift, the National Security Agency is drawing up plans for a new domestic assignment: helping protect government and private communications networks from cyberattacks and infiltration by terrorists and hackers, according to current and former intelligence officials.

2007.09.20 - Industry News - Hackers reveal day-to-day dangers

Fri, 21 Sep 2007 17:09:35 -0400

Jonathan Kent ,
BBC News,
20 Sept 2007
The BBC's Jonathan Kent attends the Hack In The Box conference in Malaysia to hear about the dangers ethical hackers are starting to uncover.

These days meetings of computer hackers are no longer gatherings of pale young men sitting in rooms knee deep in pizza boxes.

2007.09.19 - Industry News - US Air Force sets up Cyber Command

Fri, 21 Sep 2007 17:07:01 -0400

Agence France Presse (AFP),
news.yahoo.com,
19 Sept 2007
WASHINGTON (AFP) - The US Air Force established a provisional Cyber Command Tuesday as part of an expanding mission to prepare for wars in cyberspace, officials said.

The move comes amid concerns over a wave of hacker attacks originating in China against western governments and a crippling attack in May against Estonia amid a dispute with Russia.

2007.09.18 - Industry News - Settlement Ends First BP Explosion Trial

Wed, 19 Sep 2007 10:08:43 -0400

Monica Rhor (The Associated Press),
WashingtonPost.com,
18 Sept 2007
GALVESTON, Texas -- The first trial stemming from the deadly explosion at BP PLC's Texas City refinery ended in a settlement Tuesday.

The trial over the 2005 accident _ which killed 15 people, injured 170 and was the worst accident in the gas and chemical industry in almost 15 years _ began Sept. 5. It was the only one of hundreds of lawsuits from the blast to reach the courtroom.

2007.09.13 - Industry News - Data explosion shakes up IT

Tue, 18 Sep 2007 17:02:18 -0400

Jeremy Kirk,
IDG News Service
13 Sept 2007
Reported software vulnerabilities declined in 2003 and 2004 but surged in 2005 to around 6,000 -- an all-time high

2007.09.06 - Incidents - Chinese hackers cyber-attacking British government networks

Thu, 13 Sep 2007 16:55:40 -0400

News.yahoo.com,
Agence France Presse (AFP),
06 Sept 2007
LONDON - Chinese computer hackers are infiltrating British government networks, giving them access to secret information, according to media reports on Thursday.

The reports in The Times and The Independent newspapers come a day after US President George W. Bush said he may bring up the issue of suspected Chinese cyber-attacks on the US defence department in a meeting with China's President Hu Jintao.

2007.09.04 - Incidents - China Denies Accusations Its Military Hacked Into Pentagon Computer System

Tue, 4 Sep 2007 11:01:29 -0400

FoxNews.com,
Associated Press,
04 Sept 2007
China on Tuesday denied a report that its military had hacked into Pentagon computers, saying the allegations were "groundless" and that Beijing was opposed to cybercrime.

The Financial Times, citing unnamed officials, reported Monday that the People's Liberation Army hacked into a computer system in the office of Defense Secretary Robert Gates in June. The attack forced officials to take down the network for more than a week, the report said.

2007.08.27 - Industry News - Premier Wen Declares Opposition to Hacker Activity

Wed, 29 Aug 2007 10:45:35 -0400

China.org.cn
27 Aug 2007
Chinese Premier Wen Jiabao told visiting German Chancellor Angela Merkel on Monday that China firmly opposed hackers and promised full cooperation with Germany on the prevention and tracking of any hacker activity.

Wen's comments came in response to a reporter's question concerning reported Chinese hackers who attacked the computer networks of the German government.

2007.08.22 - Industry News - America's Hackable Backbone

Thu, 23 Aug 2007 13:33:51 -0400

Andy Greenberg,
Forbes.com
22 Aug 2007
The first time Scott Lunsford offered to hack into a nuclear power station, he was told it would be impossible. There was no way, the plant's owners claimed, that their critical components could be accessed from the Internet. Lunsford, a researcher for IBM's Internet Security Systems, found otherwise.

2007.08.20 - Industry News - FBI launches cybersecurity project

Tue, 21 Aug 2007 16:55:26 -0400

Wilson P. Dizard III
GCN.com
20 Aug 2007
The FBI has chosen the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign to host a new law enforcement cybersecurity research center.

The bureau said it would provide $3 million to support the first two years’ operation of the National Center for Digital Intrusion Response. The new center represents an expansion of the FBI’s existing work with the university, which also receives funds from other federal agencies to carry out cybersecurity research and development.

2007.08.15 - Industry News - LAX outage is blamed on a single computer

Thu, 16 Aug 2007 10:26:00 -0400

Tami Abdollah
LAtimes.com
15 Aug 2007
City officials demand a full report on the U.S. Customs system failure and contingency plans.
U.S. Customs officials said Tuesday that they had traced the source of last weekend's system outage that left 17,000 international passengers stranded in airplanes to a malfunctioning network interface card on a single desktop computer in the Tom Bradley International Terminal at LAX.

2007.08.14 - Industry News - FERC proposes to approve three new NERC reliability standards

Thu, 16 Aug 2007 10:23:44 -0400

platts.com,
14 Aug 2007
The US Federal Energy Regulatory Commission is proposing to approve three new reliability standards developed by the North American Electric Reliability Corp.

2007.08.14 - Industry News - Chemical industry making security inroads

Tue, 14 Aug 2007 12:10:19 -0400

ISA,
14 Aug 2007
Since 9/11, the chemical industry has voluntarily upgraded their security posture, spending more than $3 billion to protect hazardous chemicals from attack and theft by terrorists.

2007.08.14 - Company News - Industrial Defender Awarded Patent for Cyber Risk Mitigation Technology

Tue, 14 Aug 2007 09:56:08 -0400

Press Release,
Industrial Defender, Inc. ,
14 Aug 2007
MANSFIELD, Mass., August 14, 2007 - Industrial Defender, Inc., the global Cyber Risk Protection(TM) leader previously known as Verano, Inc., won recognition by the U.S. Patent and Trademark Office for its Industrial Defender risk mitigation technology suite on July 17, with U.S. Patent No. 7,246,156. The newly patented platform mitigates increased cyber security threats, protects critical infrastructures and meets regulatory compliance for organizations in the power, energy, transportation, water and chemical industries.

2007.08.13 - Industry News - Anti-terror system is up to five years late

Thu, 16 Aug 2007 10:40:41 -0400

Tony Collins,
ComputerWeekly.com,
13 Aug 2007
A mission-critical IT project to replace hard copy intelligence on threats to UK security with a secure network that links government offices in the UK and overseas is due for completion in 2009 - five years later than originally planned.

2007.08.13 - Industry News - Black hat IPS reverse engineering poses 'serious threat'

Tue, 14 Aug 2007 09:52:04 -0400

vnunet.com,
Robert Jaques,
13 Aug 2007
A recently disclosed Black Hat hacker technique for reverse engineering intrusion prevention system (IPS) data poses a 'serious risk' for thousands of enterprises, Gartner has warned.

2007.08.12 - Incidents - Computer glitch holds up 20,000 at LAX

Mon, 13 Aug 2007 13:12:10 -0400

LA Times,
Karen Kaplan, Rong-Gong Lin II and Ari B. Bloomekatz,
12 Aug 2007
More than 20,000 international passengers were stranded for hours at Los Angeles International Airport on Saturday, waiting on airplanes and in packed customs halls while a malfunctioning computer system prevented U.S. officials from processing the travelers' entry into the country.

2007.08.10 - Industry News - Knowledge is greatest threat to critical infrastructure

Fri, 10 Aug 2007 14:36:07 -0400

Liam Tung,, ZDNet.com, 10 Aug 2007
The major concern is security of Supervisory Control and Data Acquisition (SCADA) systems -- the central nervous system for sensors, alarms and switches that provide automated control and monitoring functions for utilities such as water, gas and electricity, as well as large manufacturers.

2007.08.09 - Industry News - Focus Will Shift To Chemical Security

Fri, 10 Aug 2007 11:52:54 -0400

Government Security, 09 Aug 2007
House Democrats are looking to reopen the chemical security debate this fall, adding facilities that were exempted from regulations that became law last year, reports Congressional Quarterly.

2007.08.06 - Industry News - $10 hack can unlock nearly any office door

Wed, 8 Aug 2007 10:24:41 -0400

Erik Larkin, ComputerWorld.com, 06 Aug 2007
(PC World) Cut a couple of wires, insert a small, easy-to-make device between them, and you can walk right through all those supposedly card-protected locked office doors.

2007.08.04 - Industry News - Flaw Shown in Infrastructure Software

Mon, 6 Aug 2007 09:18:48 -0400

Jordan Robertson, Forbes.com, 04 Aug 2007
LAS VEGAS - Terrorists and other criminals could exploit a newly discovered software flaw to hijack massive computer systems used to control critical infrastructure like oil refineries, power plants and factories, a researcher said Saturday.

2007.08.03 - Industry News - Border Computers Vulnerable to Attack

Wed, 8 Aug 2007 10:21:14 -0400

Spencer S. Hsu, WashingtonPost.com., 03 Aug 2007
The U.S. government's main border control system is plagued by computer security weaknesses, increasing the risk of computer attacks, data thefts, and manipulation of millions of identity records including passport, visa and Social Security numbers and the world's largest fingerprint database, officials said.