<p><strong>This Week In Security - Orlando Stevenson</strong><br />Security topics with a special interest in critical infrastructure cyber protection, supporting strategy and programs, business drivers, and the future. <a href="http://thisweekinsecurity.blogspot.com">Home</a> (feed updated 2024-03-05)</p>
<p><strong>Retirement and Opportunity - A Personal Note Going into 2013</strong><br />Orlando Stevenson, published 2012-12-29, updated 2013-02-01</p>
<span style="color: black; font-family: Arial, Helvetica, sans-serif;">Friends and family gathered last night to wish my wife and me the best during a </span><a href="http://www.nppd.com/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">Nebraska Public Power District</span></a><span style="color: black; font-family: Arial, Helvetica, sans-serif;"> retirement party. My retirement, effective October 31st, wraps up a twenty-one year career with a large, vertically integrated public power utility company. Also invited and present were some of my prior </span><a href="http://www.behlenmfg.com/" target="_blank"><span style="font-family: Arial, Helvetica, sans-serif;"><span style="color: black;">Behlen Mfg. Co</span></span></a><span style="color: black; font-family: Arial, Helvetica, sans-serif;">. colleagues, where my career first focused on developing and supporting engineering and manufacturing solutions across a wide range of platforms and technologies. </span><br />
<span style="color: black; font-family: Arial, Helvetica, sans-serif;"></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="color: black;"><b>Career and Technology Perspective. </b>Those of us who have been in the information technology and security fields for several decades can easily look back at our own experiences and appreciate incredible advancements. When I started with Behlen Mfg., the systems were distinct and independent: mainframe for business (IBM 3400 series), mini for engineering design and schematics production (Synercom Technology's flavor of DEC's PDP 11/70), and a sprinkling of dedicated, often proprietary end user systems that ranged from graphics stations and word processing stations to dumb terminals (aka tubes). Behlen offered a great opportunity to work a wide range of challenges, from programming engineering and manufacturing focused solutions (generating bill of materials, etc. based on parametric inputs on the mainframe) to eventually "downscaling" some of the mini-computer building steel frame design/iteration programs to engineering PCs. This allowed the engineering team to further enhance and optimize frame building designs by speeding up an iterative process, permitting more than one design to be analyzed at a time, without huge additional spend. I also had the neat infrastructure challenge of directly supporting mainframe VM and mini-computers: planning and performing key upgrades (OS, DASD storage, core to digital memory with salvage parts, etc.). Behlen was also where I helped bring on the PC revolution with computer aided design systems (CAD), including some useful CNC (computer numerical control for manufacturing automation) and more broadly used office productivity software, establishing networking (3COM, Banyan Vines), while coding up some very useful Turbo Pascal applications.</span></span><br />
<span style="color: black; font-family: Arial, Helvetica, sans-serif;"></span><br />
<div class="MsoPlainText" style="margin: 0in 0in 0pt;">
<span style="color: black; font-family: Arial, Helvetica, sans-serif;">After five years with Behlen, joining NPPD offered additional opportunities to bring on server and PC local area networking "LAN" advancements, and to see a very large commitment to mainframe based computing continue scaling up before being rapidly phased out of the organization with a Y2K focused large ERP (Enterprise Resource Planning) implementation on mini computers. Networking during this time frame eventually transitioned from distinct architectures and implementations to the now ubiquitous TCP/IP protocol. The Internet opened up with the first killer app being email, followed by continued world wide web and search engine advancements that helped access rapidly improving capabilities while also making the Internet broadly more accessible and useful.</span><br />
<br /></div>
<div class="MsoPlainText" style="margin: 0in 0in 0pt;">
<span style="color: black; font-family: Arial, Helvetica, sans-serif;">Over the years we have seen the rising flood of information technology increasingly encompass everything we know and care about: smaller, faster, decreasing cost and increasingly connected. Computing power that used to take a building with dedicated staff from the early commercial days now fits in the palm of our hands, a thousand times faster; representing over a billion-fold price/performance improvement. All this change articulates an exponentially paced advancement that is continuing and further accelerating according to some </span><a href="http://thisweekinsecurity.blogspot.com/2012/01/welcome-2012-taking-look-into-future.html" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">...more</span></a><span style="color: black; font-family: Arial, Helvetica, sans-serif;">.</span></div>
<div class="MsoPlainText" style="margin: 0in 0in 0pt;">
<span style="color: black; font-family: Arial, Helvetica, sans-serif;"></span><br /></div>
<div class="MsoPlainText" style="margin: 0in 0in 0pt;">
<span style="color: black; font-family: Arial, Helvetica, sans-serif; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin;">Increasing connectivity, capability, and dependence on information technology dynamically and dramatically ramps up real world risk considerations. Today, a solid grasp of the security issues, including compliance, must be factored into technology strategy and decisions for organizational success.</span></div>
<div class="MsoPlainText" style="margin: 0in 0in 0pt;">
<span style="mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin;"></span><span style="mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin;"></span><span style="color: black; font-family: Arial, Helvetica, sans-serif;"> </span></div>
<div class="MsoPlainText" style="margin: 0in 0in 0pt;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgo4JJakZbAO48vfO2LS-_7R8MaM_0sTN5hNwrLU87pgy5L3pvSi7aQ7SG3agGY3hUd1Zjc_643MYX6RBx2lthbn07b6oVCx3_aRSTmP284XEUBz4TNJGyy4YuxufMJpX4mIL0Po7OJweMv/s1600/Untitled.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><span style="color: black;"><img border="0" height="273" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgo4JJakZbAO48vfO2LS-_7R8MaM_0sTN5hNwrLU87pgy5L3pvSi7aQ7SG3agGY3hUd1Zjc_643MYX6RBx2lthbn07b6oVCx3_aRSTmP284XEUBz4TNJGyy4YuxufMJpX4mIL0Po7OJweMv/s320/Untitled.jpg" width="320" /></span></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgo4JJakZbAO48vfO2LS-_7R8MaM_0sTN5hNwrLU87pgy5L3pvSi7aQ7SG3agGY3hUd1Zjc_643MYX6RBx2lthbn07b6oVCx3_aRSTmP284XEUBz4TNJGyy4YuxufMJpX4mIL0Po7OJweMv/s1600/Untitled.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><span style="color: black; font-family: Arial, Helvetica, sans-serif;"></span></a><span style="mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin;"><span style="font-family: Arial, Helvetica, sans-serif;"><span style="color: black;"><b>Cyber Security Focus.</b> Since 2002, my focus at NPPD centered on cyber security in corporate and increasingly operational settings, e.g., fossil, nuclear. 
While this work with colleagues was rewarding, an opportunity emerged after reaching retirement eligibility mid-2012 to join the </span></span><a href="https://www.esisac.com/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">ES-ISAC</span></a><span style="color: black; font-family: Arial, Helvetica, sans-serif;"> (Electricity Sector Information Sharing and Analysis Center), supported by </span><a href="http://www.nerc.com/" target="_blank"><span style="color: black; font-family: Arial, Helvetica, sans-serif;">NERC</span></a><span style="color: black; font-family: Arial, Helvetica, sans-serif;"> (North American Electric Reliability Corporation). I have accepted the challenge, directly supporting the ES-ISAC at NERC in Washington DC.</span></span></div>
<div class="MsoPlainText" style="margin: 0in 0in 0pt;">
<span style="color: black; font-family: Arial, Helvetica, sans-serif;"></span><br /></div>
<div class="MsoPlainText" style="margin: 0in 0in 0pt;">
<span style="mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin;"><span style="font-family: Arial, Helvetica, sans-serif;"><span style="color: black;"><span style="mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin;">The focus on mandatory standards and compliance enforcement dominates much of what electric utility entities think of NERC</span> since the Energy Policy Act of 2005 and ERO (Electric Reliability Organization) designation by FERC (Federal Energy Regulatory Commission). The challenge for the ES-ISAC is to continue building capabilities and trust with the industry, federal partners, and regulatory bodies while also striving to be increasingly forward leaning in anticipating and appropriately addressing key security challenges using automation and more traditional methods, such as </span></span><a href="http://www.nerc.com/page.php?cid=5%7C63%7C253" target="_blank"><span style="font-family: Arial, Helvetica, sans-serif;"><span style="color: black;">NERC Alerts</span></span></a><span style="color: black; font-family: Arial, Helvetica, sans-serif;">. The key industry security focus areas for the ES-ISAC looking forward into 2013 include building out operational capabilities under development and further bolstering core programs (e.g., assessments, exercises) and outreach (e.g. webinars, workshops).</span></span></div>
<div class="MsoPlainText" style="margin: 0in 0in 0pt;">
<br />
<span style="color: black; font-family: Arial, Helvetica, sans-serif;">Federal bodies remain acutely interested and inquisitive about what the electric power industry is doing to address security concerns, even as related standards advance and the scope of compliance-enforced footprints rapidly expands across the industry with FERC and NRC (Nuclear Regulatory Commission) driven oversight, auditing, and inspection.</span><br />
<br />
<span style="color: black; font-family: Arial, Helvetica, sans-serif;">I expect cyber security to continue being a challenging and rapidly evolving critical infrastructure arena. This is an exciting time to be engaged with critical infrastructure protection!</span></div>
<div class="MsoPlainText" style="margin: 0in 0in 0pt;">
<br />
<span style="color: black; font-family: Arial, Helvetica, sans-serif;">More: </span><a href="http://www.cbsnews.com/video/watch/?id=6578069n" target="_blank"><span style="font-family: Arial, Helvetica, sans-serif;"><span style="color: black;"><strong>Cyber War</strong> (video 18:02)<span id="goog_1022708017"> - 60 MINUTES, June 2010</span></span></span></a></div>
<p><strong>Rules of the Game Still Apply (Terrorism) - 1989 G. Gordon Liddy Article Continues To Resonate</strong><br />Orlando Stevenson, published 2012-08-06, updated 2012-08-09</p>
As an avid Omni magazine reader years ago, I was captivated by one particular "after-the-fact" fictional article from the Jan 1989 issue, penned by former Nixon Administration convicted confidant <a href="http://en.wikipedia.org/wiki/G._Gordon_Liddy" target="_blank">G. Gordon Liddy</a>. <br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlHAFR02U1F3yK3cs27Ihjh0Mfec484p0oBDykLnACPhQa7Y9mMBiw0LLb3PZpGRKfB1aEPHBNgmqM61s6MgF9mpL-qDG3ac5cTvAQEnvoQmeaT2INLsYUFK7crCyN1idkjWtXrFbE-Q7H/s1600/omni-cover.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlHAFR02U1F3yK3cs27Ihjh0Mfec484p0oBDykLnACPhQa7Y9mMBiw0LLb3PZpGRKfB1aEPHBNgmqM61s6MgF9mpL-qDG3ac5cTvAQEnvoQmeaT2INLsYUFK7crCyN1idkjWtXrFbE-Q7H/s320/omni-cover.jpg" width="236" /></a><br />
<ul>
<li><a href="http://web.archive.org/web/20060221022525/http://www.liddyshow.us/mustread11.php" target="_blank"><strong><span style="font-size: large;">Rules of the Game By G. Gordon Liddy (Omni, Jan 1989)</span></strong></a> - archive.org<div>
MEMO</div>
<div>
<strong>TO:</strong> THE PRESIDENT</div>
<div>
<strong>FROM:</strong> G. GORDON LIDDY</div>
<div>
<strong>SUBJECT</strong>: NEAR FUTURE POTENTIAL FOR MASSIVE TERRORISM ON U.S. SOIL</div>
</li>
</ul>
<br />
The fictional memo characterizes critical infrastructure concerns and analysis from postulated events that remain in many ways applicable, and a challenge, today:<br />
<br />
<ol>
<li><strong>U.S. COMMERCIAL AIRCRAFT INDUSTRY: 90% INOPERATIVE</strong> <div>
- Since 9/11, air terminal facility security upgrades provide substantial mitigation from the threat of liquid metal embrittlement (LME) agents.</div>
<div>
</div>
</li>
<li><strong>NATION'S CAPITAL AND SEVEN LARGEST METROPOLITAN AREAS BLACKED OUT INDEFINITELY</strong> <div>
- Potential electric grid physical attacks on high voltage transformers across a wide area would be quite debilitating and difficult to recover from, even with progress on spare transformer programs. Other significant physical grid damage blackout risks include larger area electromagnetic pulse attacks (<a href="http://www.empcommission.org/" target="_blank">commission findings</a>) and geomagnetic storm events, which are being addressed by <a href="http://www.nerc.com/filez/gmdtf.html" target="_blank">NERC's Geomagnetic Disturbance Task Force - GMDTF</a>.<br />
</div>
</li>
<li><strong>NORTH-SOUTH RAIL TRAFFIC IN EASTERN UNITED STATES SEVERED; MUCH OF STRATEGIC
RAIL CORRIDOR NETWORK (STRACNET) OUT</strong> <div>
- continuing <a href="http://www.almc.army.mil/alog/issues/NovDec99/MS455.htm" target="_blank">Preserving Strategic Rail Mobility - ongoing STRACNET program</a></div>
<div>
</div>
</li>
<li><strong>NATURAL GAS SUPPLY FOR INDUSTRIAL UTILITY, COMMERCIAL, AND RESIDENTIAL USE IN
NORTHEASTERN AND ATLANTIC COASTAL U.S. CUT BY 75%; RESTORATION TO TAKE A YEAR.</strong><div>
- <a href="http://abcnews.go.com/Blotter/dhs-hackers-mounting-organized-cyber-attack-us-gas/story?id=16304818" target="_blank">DHS: Hackers Mounting Organized Cyber Attack on U.S. Gas Pipelines </a>(5/2012)</div>
</li>
<li><strong>COMPUTER DATABASE ERASURE OF WALL STREET, SIX FEDERAL RESERVE BANKS, TWO IRS
SERVICE CENTERS, SEVERAL OF LARGEST COMMERCIAL BANKS, AND NUMEROUS CORPORATIONS
PRODUCES FISCAL CHAOS </strong>- since 9/11, financial organizations have bolstered offsite backup facilities and continuity planning that would help at least in part mitigate the impact today.</li>
</ol>
<div>
<strong>The memo goes on to provide insights and recommendations:</strong></div>
<ul>
<li><strong>.</strong>.. the "prayer" of public officials has always been that a disaster will be either so immense as to be perceived as an "act of God" and thus engage the loyalty and team spirit of both the government and a patient populace or so small that it will go away by itself. The dread of officials is the one in between, affecting more than one choke point, the one with which government cannot cope. It is dreaded because it damages the faith of the people in their government and the way of life.</li>
<li>.. current situation is a nightmare. The people know this was not an act of God. What has happened is so immense as to be almost incomprehensible to them. The people expect their government to do something about it; to fix the problem and punish those responsible. And the American people are not patient.</li>
<li>.. delay in the use of force, and hesitation to accept responsibility for its employment when the situation clearly demands it, will always be interpreted as a weakness. Such indecision will encourage further disorder, and will eventually, necessitate measures more severe than first instance." <br />--<a href="http://www.au.af.mil/au/awc/awcgate/swm/index.htm" target="_blank">The United States Marine Corps Small Wars Manual (1940), page 27, paragraph (d)</a> </li>
</ul>
<br />
Cybersecurity continues gaining an increasingly important role bolstering critical infrastructure security with a rising flood of IT risks, including those associated with Smart Grid. The potential for serious impacts from physical or blended attacks also demands ongoing attention.<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<p><strong>NERC CIP V5 Drafting: Showstoppers and Tune-Ups Addressed - Honeywell-Matrikon's Team Shares Latest as Key Next Draft Forms Up</strong><br />Orlando Stevenson, published 2012-02-20, updated 2012-02-24</p>
<span style="color: rgb(51, 51, 255);font-size:78%;" >Updated 2/24/2012</span><br />NERC CIP V5 continues to form up since the first ballot failed to pass, even as much of the industry incrementally focuses more on CIP V4. The NERC approved V4 adds up to a rather straightforward application of CIP V3, plus prescriptive bright-line criteria to determine facilities in scope (instead of the owner-developed, risk-based assessment methodology permitted previously). <span style="font-style: normal; font-weight: bold; color: rgb(51, 51, 255);"><a href="http://www.matrikon.com/downloads/997/index.aspx">NERC CIP V5 is a whole new ball game.</a></span><br /><br /><span style="font-style: normal; font-weight: bold; ">Latest on NERC CIP V5 - Proposed Changes</span><br /><a href="http://insecurity.matrikon.com/"><img style="float:right; margin:0 0 10px 10px;cursor:pointer; cursor:hand;width: 320px; height: 184px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUatvxmj4CIp-39uU0y4BgF2oMkfZmvojnffWbQ9WkWYjNK1TYnQnlR4D8c7Vgq04AjY6sANrMHqAdZKbeEEZJIwN2U57Fq-hd5xbRqPvIHnikMrFuSbKl_55KJmBzK4kg7PAaOoVNNEbD/s320/Matrikon.jpg" alt="" id="BLOGGER_PHOTO_ID_5712570555590116642" border="0" /></a><br />Honeywell-Matrikon's <a href="http://insecurity.matrikon.com/" style="font-style: normal; color: rgb(51, 51, 255);"><b>[in]Security Culture Blog</b></a> and <a style="color: rgb(51, 51, 255);" href="http://www.matrikon.com/webcasts/index.aspx"><b>webcasts</b></a> continue offering solid insights for 
organizations focusing on where CIPs are heading, addressing related compliance challenges. From the Jan 30th posting <a title="Permalink to SDT Meeting updates – Or, an informal open letter" href="http://insecurity.matrikon.com/index.php/2012/01/sdt-meeting-updates-or-informal-open-letter/" rel="bookmark" style="font-style: normal; font-weight: normal; color: rgb(51, 51, 255);">SDT Meeting updates – Or, an informal open letter</a><span style="color: rgb(51, 51, 255);">, </span>Tom Alrich provides his opinions regarding the direction on a set of key V5 draft issues:<br /><ol style="font-style: normal; font-weight: normal; "><li><span style="font-weight: bold;">Inventory for Low-Impact Assets</span><br />- First draft would require an inventory of all assets for compliance. This is in conflict with the SDT's intent and should be resolved in the next draft.<br /><br /></li><li style="font-weight: bold;">Asset Identification<br /><span style="font-weight: normal;">- First draft has a fatal flaw of requiring review of <span style="font-style: italic;">all</span> assets to identify BES reliability Operation Services supported. 
Next draft should return back to the approach of starting with facility identification before going deeper to supporting assets<span style="font-style: italic;">- a much more feasible and reasonable methodology.</span><br /></span><br style="font-weight: bold;"></li><li style="font-weight: bold;">DPs and LSEs<br /><span style="font-weight: normal;">- To only be included if they have one or more systems meeting the bright-line criteria.<br /><br /></span></li><li style="font-weight: bold;">TO Control Centers<br style="font-weight: normal;"><span style="font-weight: normal;">- Transmission operators (TOPs) already on the hook, no need to also burden transmission owners<span style="font-weight: bold;">.<br /></span></span><br /></li><li><span style="font-weight: bold;">Blackstart Plants</span><br style="font-weight: bold;">- First draft's direction of raising all to Medium Impact would be counterproductive to reliability. Generators have a choice on whether or not to participate in regional blackstart plans and the cost of CIP compliance significantly exceeds typical financial benefit. Many anticipate large withdrawal of blackstart units nationwide from plans, some say this is already happening. A compromise proposed would assign blackstart to Low impact if no external routable or dialup connectivity is used.<br /><br /></li><li><span style="font-weight: bold;">Power Plant Thresholds - 1500 MW</span><br />- Right now very few plants meet this threshold for cyber assets given multiple industrial control systems, not a single cyber system, typically supports production. 
Many see it as likely that FERC will decide to lower this threshold given increasing concerns about having sufficient bulk electric assets addressed.<br /><br /><span style="color: rgb(51, 51, 255);"><span style="font-weight: bold; font-style: italic;">2/23 Update - A simple thought experiment:</span> <span style="font-style: italic;">"How much of the Bulk Electric System would remain available if all related facilities not in the scope of NERC CIPs or Nuclear (NEI 08-09) were taken out of service?"</span><br /><br />Honeywell-Matrikon's latest post by Tom Alrich explains more - </span><a style="color: rgb(51, 51, 255);" title="Permalink to NERC CIP – An update from our man in the field, Tom Alrich" href="http://insecurity.matrikon.com/index.php/2012/02/nerc-cip-update-man-field-tom-alrich/" rel="bookmark"><strong>Version 5: About those Large Plants…. (2/23)</strong></a><span style="color: rgb(51, 51, 255);">: "<span style="font-style: italic;">.. The main question is whether FERC will be pleased with 7.2 percent of non-blackstart generating units being part of a plant that will be a Medium Impact facility under CIP Version 5 or a Critical Asset under Version 4.</span>"<br /><br /></span></li></ol><p style="font-style: normal; font-weight: normal; "><span style="font-weight: bold;">More: </span><br /></p><ul style="font-style: normal; font-weight: normal; "><li><a style="color: rgb(51, 51, 255);" href="http://www.nerc.com/filez/standards/Project_2008-06_Cyber_Security.html">NERC Project 2008-06 Cyber Security Order 706 Project Site</a><br />- click "Version 5 CIP Standards" activity<br /><br /></li><li><a style="color: rgb(51, 51, 255);" href="http://nrc-stp.ornl.gov/slo/regguide571.pdf">NRC RG 5.71 Cyber Security Programs for Nuclear Facilities</a><br />- NEI 08-09 addresses related NRC Order expectations for <a style="color: rgb(51, 51, 255);" href="http://www.nrc.gov/reading-rm/doc-collections/cfr/part073/part073-0054.html">10 CFR 73.54 Protection of digital computer and communication systems and networks</a><br /><br /></li><li><a style="color: rgb(51, 51, 255);" href="http://www.matrikon.com/webcasts/index.aspx">Honeywell-Matrikon Webcasts</a> - CIP Version 5 replays include:<br />- Proactive Payoff: Getting Ready for NERC CIP V5<br />- CIP Version 5: A Whole New Ball Game<br /><br /></li></ul>
<p><strong>Project Basecamp 2012 a Hit... Are We Really Ripe for More Attacks Like Stuxnet? - Researcher Ralph Langner says "Yes" at NATO Keynote.</strong><br />Orlando Stevenson, published 2012-01-26, updated 2012-08-09</p>
<span style="color: #660000; font-size: 130%; font-weight: bold;">Project Basecamp A Hit- But Will It Work? </span><br />
<a href="http://www.digitalbond.com/2012/01/26/basecamp-1-week-later-outrage/"><img alt="" border="0" src="https://www.digitalbond.com/wp-content/uploads/2012/01/screem.jpg" style="cursor: pointer; float: right; height: 240px; margin: 0px 0px 10px 10px; width: 161px;" /></a><br />
Researchers participating in <a href="http://www.digitalbond.com/?s=Basecamp">Project Basecamp</a> clearly demonstrated just how extremely fragile and vulnerable many Industrial Control Systems (ICSs) remain to targeted cyber attacks during <a href="http://www.digitalbond.com/s4/">DigitalBond's S4 conference</a> this month. Amazingly, a number of persistent vulnerabilities include poorly devised "features" in addition to a bucket load of underlying software flaws. Tools released include point and click easy Metasploit modules. All of this effort to extensively demonstrate persistent ICS security problems is <span style="font-weight: bold;">ultimately intended to wake up C-level executives to help amp up pressure on the vendors for secure replacements</span> ("a Firesheep moment"). 
Regardless, don't expect much soon as many experts agree we've seen ten years pass with few ICS vendor security improvements. <a href="http://www.digitalbond.com/">DigitalBond's site</a> continues dishing up excellent interviews (podcasts), videos, and blog entries worth paying attention to for those interested in ICS security.<br />
<br />
<span style="font-size: 130%;"><br /></span><span style="color: #660000; font-size: 130%; font-weight: bold;">What about <span class="blsp-spelling-error" id="SPELLING_ERROR_16"><span class="blsp-spelling-error" id="SPELLING_ERROR_12">Stuxnet</span></span> - More to come or really just a one time event?</span><br />
<br />
<a href="http://vimeo.com/25710852"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5702181343207045314" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNOkzUg0I3-CTHi7Zf9q_nm5EJJI30NMrlOrafkTlCUy31uuPT889Z4lHXgbUruYn2hXzAH9ECcI_n1rtDIL2tRhBkNP-JpKdbW1K0mY05pScbuloIz_Wj_k9puB8xDJTMqZ_hZTtEWLrf/s320/RalphLangnerNATO2011.jpg" style="cursor: pointer; float: right; height: 178px; margin: 0px 0px 10px 10px; width: 320px;" /></a><span style="color: black;">Here’s one of the most insightful, solid presentations available explaining how Ralph Langner &amp; team pulled apart Stuxnet, what they found, and broader implications. 
While the Stuxnet Windows “dropper” was top tier malware in many ways, including multiple zero-days, <b><i>the real rocket science was approx. 15,000 lines of crafted industrial control system (ICS) malware “digital warhead” payload developed by seasoned engineers</i></b> (Langner’s opinion- not just “hackers”) targeting specific nuclear enrichment ICS assets.</span><br /><br />
<ul>
<li><b><a href="http://vimeo.com/25710852">Ralph Langner's keynote "The first deployed cyber weapon in history: Stuxnet’s architecture and implications"</a></b> (1:05) 6/2011<i> NATO Cooperative Cyber Defence Centre of Excellence - NATO CCD COE</i></li>
</ul>
<div class="MsoNormal">
Mr. Langner makes a solid case that this was a highly successful attack (like a missile) which invites an escalation for more to come. The code and modular approach itself is reusable in many ways. He’s also written a book, "<strong>Robust Control System Networks: How to Achieve Reliable Control After Stuxnet</strong>", that ICS engineers and others can benefit from; it focuses on designing ICS systems with robust security baked in <a href="http://www.digitalbond.com/2011/08/15/langner-book-review-robust-control-system-networks/">..more</a>.</div>
<div class="MsoNormal" style="font-style: italic;">
Today (1/26) <a href="http://safaribooksonline.com/">Safari Books Online</a> has followed through on their promise to make Langner's book available to members at my request in 2011- oh yeah!</div>
<div class="MsoNormal" style="font-weight: bold;">
More:</div>
<ul>
<li>Specific <a href="http://en.wikipedia.org/wiki/Operations_security">OPSEC</a> lapses may also have helped Stuxnet creators: <a href="http://www.langner.com/en/2011/12/11/an-accurate-ir-1-cascade-model/">An accurate IR-1 cascade model – langner.com</a> 12/11/11 & <a href="http://www.langner.com/en/2011/12/07/the-prez-shows-his-cascade-shape/">The Prez shows his cascade shape - langner.com</a> 12/07/11 / More: <a href="http://www.ted.com/talks/lang/eng/ralph_langner_cracking_stuxnet_a_21st_century_cyberweapon.html">TED talk</a> (10m) 3/11</li>
</ul>
<ul>
<li><a href="http://www.csmonitor.com/USA/2011/0922/From-the-man-who-discovered-Stuxnet-dire-warnings-one-year-later">From the man who discovered Stuxnet, dire warnings one year later</a> - <i><a class="inform_link" href="http://www.csmonitor.com/tags/topic/The+Christian+Science+Monitor" target="_self">CSMonitor.com</a> </i> 9/22/2011</li>
</ul>
<br />
<br />Orlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-28533613584542590502012-01-12T22:39:00.039-06:002012-02-24T10:42:31.707-06:00Welcome 2012: Leaping Into The Future With A Singularity Primer-"On track" per Ray Kurzweil as he answers the latest critics.<a href="http://www.singularitysummit.com/"><img style="float:right; margin:0 0 10px 10px;cursor:pointer; cursor:hand;width: 288px; height: 288px;" src="http://nhne-pulse.org/wp-content/uploads/2011/06/singularity-summit-2011.jpg" alt="" border="0" /></a><span style="font-size:100%;">The future is something I've always enjoyed focused, insightful perspective around, and it seems like a good topic to get my blogging mojo back in gear for 2012.<br /><br />As I've touched on in a decade-plus forward look <a style="color: rgb(51, 51, 255);" href="http://thisweekinsecurity.blogspot.com/2010/01/security-issues-into-next-decade-leap.html">2010 posting</a>, Ray Kurzweil’s “<a style="color: rgb(51, 51, 255);" href="http://www.amazon.com/gp/product/0143037889?ie=UTF8&tag=thiweeinsec-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=0143037889">Singularity is Near: When Humans Transcend Biology</a>” 2005 book (672p) provides a science-derived, profound view of how <i>exponentially</i> accelerating IT is driving ever increasing broader advancements. 
A very well executed, cited work in my opinion, with anticipated continuing advancements resulting in very dramatic changes affecting humanity over the next several decades (2020s genetics, 2030s nanotech followed by an intelligence take off, already in progress – i.e. <a style="color: rgb(51, 51, 255);" href="http://en.wikipedia.org/wiki/Technological_singularity">technological singularity</a>). One does not have to agree with all the points and conclusions raised in order to appreciate and gain much. <i>This work was also released in 2011 as an <a style="color: rgb(51, 51, 255);" href="http://www.audible.com/pd/ref=sr_1_1?asin=B004Z48FYU&qid=1325016174&sr=1-1">Audible audiobook</a> (unabridged, 25 hours).</i></span><br /><br /><span style="color: rgb(0, 0, 0);font-size:100%;"><b><u>Singularity Primer 2012:</u></b></span><br />
<ul>
<li><span style="font-size:100%;"><b>Video: </b><a style="color: rgb(51, 51, 255);" href="http://online.wsj.com/video/kurzweil-a-future-of-humans-merged-with-machines/3966A6F7-F89D-457B-8880-701319EBA11B.html">Futurist Ray Kurzweil Says Mankind Will One Day Live Forever, WSJ June 2011 (10m)</a> Quick overview.<br /><br /></span></li>
<li><span style="font-size:100%;"><b>Video: </b><a style="color: rgb(51, 51, 255);" href="http://www.zentation.com/viewer/index.php?passcode=rJukJRYuFz">The Impact of Accelerating IT on War and Peace- Army 26<sup>th</sup> Science Conference- Kurzweil Dec 2008 (55m)</a> and supporting <a style="color: rgb(51, 51, 255);" href="http://dl.dropbox.com/u/1712646/KAIN12108-26th_Army_Science_Conference.pdf">slides</a> help explain his views. The talk was much broader than “War and Peace” and centered more around the implications for humanity in the not so distant future from continuing IT driven advancements. I found this a compelling update on his fascinating views- even if not all goes as predicted.<br /><br /></span></li>
<li><span style="font-size:100%;"><b>Video: </b><a style="color: rgb(51, 51, 255);" href="http://www.youtube.com/watch?v=WPqjYrLhDnk&list=UU1zny_jKmgnEbQitfPgAlxg&index=2&feature=plcp">Ray Kurzweil on "From Eliza to Watson to Passing the Turing Test" at Singularity Summit 2011 (65m)</a> Ray Kurzweil kicked off the 2011 <a style="color: rgb(51, 51, 255);" href="http://www.singularitysummit.com/">Singularity Summit</a> with some specific updates in his projections and responses to the skeptics, e.g. Paul Allen’s recent essay (<a style="color: rgb(51, 51, 255);" href="http://www.technologyreview.com/blog/guest/27263/">article</a>).</span><br /></li>
</ul>
<span style="color: rgb(0, 0, 0);font-size:100%;"><b><u>More:</u></b></span><br />
<ul>
<li><span style="font-size:100%;"><b>Seminar Podcast:</b> <a href="http://longnow.org/seminars/02005/sep/23/kurzweils-law/">“Kurzweil's Law”- Ray Kurzweil (106m)</a> - The Long Now Foundation - <a style="color: rgb(51, 51, 255);" href="http://download.fora.tv/rss_media/Long_Now_Podcasts/podcast-2005-09-23-kurzweil.mp3">audio download</a> is free<br /><br /></span></li>
<li><b>Video/Article:</b> “<a style="color: rgb(51, 51, 255);" href="http://singularityhub.com/2011/05/03/kurzweil-3-supplements-to-let-you-live-until-the-singularity-video/">Kurzweil: 3 Supplements To Let You Live Until The Singularity (1m)</a>” May 2011<br />- Coenzyme Q10<br />- Phosphatidylcholine (derived from lecithin)<br />- Vitamin D (perhaps the most critical of the three)<br /><br /></li>
<li><b>Movie: </b><a href="http://movies.netflix.com/Movie/Transcendent-Man/70117003">Transcendent Man (2009)- Netflix Instant Play</a> <i>Inventor and futurist Ray Kurzweil is the subject of this documentary that follows him on a world speaking tour in which he expounds on his ideas about the merging of man and machine, which he predicts will occur in the not-so-distant future. The visionary who invented the first text-to-speech synthesizer and much more raises eyebrows here with his wildly optimistic views of a technology-enhanced future. </i>I give it a B- rating, but worth seeing once for most.</li>
</ul>
<span style="font-weight: bold;font-size:100%;">The Singularity is something that may ultimately be an overwhelming primary factor in shaping our future- very interesting indeed! 
</span><!-- [endif]
4"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 4"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 4"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 5"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 5"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 5"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 5"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 5"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 5"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 5"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 5"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 5"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 5"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 5"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 5"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 5"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 5"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading 
Accent 6"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 6"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 6"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 6"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 6"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 6"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 6"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 6"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 6"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 6"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 6"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 6"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 6"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 6"> <w:lsdexception locked="false" priority="19" semihidden="false" unhidewhenused="false" qformat="true" name="Subtle Emphasis"> <w:lsdexception locked="false" priority="21" semihidden="false" unhidewhenused="false" qformat="true" name="Intense Emphasis"> <w:lsdexception locked="false" priority="31" semihidden="false" unhidewhenused="false" qformat="true" name="Subtle Reference"> <w:lsdexception locked="false" priority="32" semihidden="false" 
unhidewhenused="false" qformat="true" name="Intense Reference"> <w:lsdexception locked="false" priority="33" semihidden="false" unhidewhenused="false" qformat="true" name="Book Title"> <w:lsdexception locked="false" priority="37" name="Bibliography"> <w:lsdexception locked="false" priority="39" qformat="true" name="TOC Heading"> </w:LatentStyles> </xml><![endif][if gte mso 10]> <style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman","serif";} </style> <![endif]-->Orlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-87728813683798038472011-11-19T22:30:00.059-06:002012-01-05T23:01:39.914-06:00False Alarm? 
Russia Cyber Attack on Water System SCADA Reported - Cybersecurity back in limelight, asserting more intrusion(s)<div><div><span class="Apple-style-span" style="font-family:arial;font-size:100%;"><b><span style="color: rgb(51, 51, 255); text-decoration: underline;" class="Apple-style-span">11/23/2011 Update - A False Alarm?</span></b></span></div><div><span class="Apple-style-span" style="font-family:arial;font-size:100%;"><b><span style="color: rgb(204, 0, 0);">*** ANSWER: Yes ***</span></b></span><b style="font-family:arial;font-size:100%;"><span class="Apple-style-span"><span style="color: rgb(51, 51, 255); text-decoration: underline;"><em><br />For the initial Nov 14th report per DHS - with more "pr0f" (proof) hackery being demonstrated and investigated!</em></span></span></b></div><div><span style="font-family:arial;font-size:100%;"><br />As the week of Nov 14th closed, a reportedly "confirmed" water system intrusion discovered after equipment damage prompted a sensitive fusion center advisory, quickly 
followed by more public coverage:<br /></span></div><span class="Apple-style-span" style="font-family:arial;font-size:100%;"><br />- Issue discovered Nov 8th after a pump burned up due to power cycling.<br />- Credentials used are believed to have stemmed from a supplier/vendor breach (e.g. perhaps via phishing).<br />- System may have been compromised for months, with ongoing "instability glitches" dismissed.<br />- Involved access from Russian Internet addresses.<br /><br />A Nov 10th Illinois fusion center report serving as initial notice regarding this matter was obtained by <a href="http://news.cnet.com/8301-27080_3-20004505-245.html">Joe Weiss, crusader for critical infrastructure security</a>, who then broke the story, providing some particulars to major media. 
A statement released by DHS spokesman Peter Boogaard downplayed the matter: “At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety.”</span><div style="font-family:arial;"><span class="Apple-style-span" style="font-size:100%;"><br /></span></div><div style="font-family:arial;"><div style="color: rgb(51, 51, 255);"><span class="Apple-style-span" style="font-size:100%;"><b><u>11/23/2011 Update</u> </b></span></div><div style="color: rgb(51, 51, 255);"><span class="Apple-style-span" style="font-size:100%;">The Illinois intelligence fusion center reported Tuesday 11/22 that earlier reports of a water utility being hacked cannot be substantiated, according to a DHS announcement. Joe Weiss's quote to Wired.com: <i>“This smells to high holy heaven, because when you look at the Illinois report, nowhere was the word preliminary ever used,” Weiss said, noting that the fusion center — which is composed of Illinois state police, as well as representatives from the FBI and DHS — distributed the report to other critical infrastructure facilities in that state. “It was just laying out facts. 
How do the facts all of a sudden all fall apart?”</i></span></div><div><span class="Apple-style-span" style="font-size:100%;"><br /></span></div></div><div style="font-family:arial;"><span class="Apple-style-span" style="font-size:100%;"><br /></span> </div><div style="font-family:arial;"><span class="Apple-style-span" style="font-size:100%;">Following the initial DHS statement, a <a href="http://pastebin.com/Wx90LLum">PGP signed posting by "<span style="font-weight: bold;">pr0f</span>"</a> asserted evidence of <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjp0jHth4wNJH-D71VzvAAjvgp-SDATjH-B03tP2N9rHztrINIzsFF74mX8sI-nKbZrzlcyNVJIsuOFuUFMpDjH08px9hwgTyZQv8F-kEmS2FFBmM5_WSpTLvfbzZhx5zn1Gymkf1RfGaOQ/s1600/Screen_shot_2011-11-18-Houston.png"><img style="margin: 0px 0px 10px 10px; width: 320px; height: 218px; float: right; cursor: pointer;" id="BLOGGER_PHOTO_ID_5691386280897155586" border="0" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjp0jHth4wNJH-D71VzvAAjvgp-SDATjH-B03tP2N9rHztrINIzsFF74mX8sI-nKbZrzlcyNVJIsuOFuUFMpDjH08px9hwgTyZQv8F-kEmS2FFBmM5_WSpTLvfbzZhx5zn1Gymkf1RfGaOQ/s320/Screen_shot_2011-11-18-Houston.png" /></a>gaining unauthorized access to a second water treatment facility's SCADA, with five screen shots and a statement. Excerpt: <span style="font-style: italic;"> "I dislike, immensely, how the DHS tend to downplay how absolutely F*****D the state of national infrastructure is....I've also 
seen various people doubt the possibility an attack like this could be done. So, y'know. The city of South Houston has a really insecure system. Wanna see? I know ya do... "</span><br /><br /><span><br /><div style="color: rgb(51, 51, 255); font-weight: normal;"><span class="Apple-style-span"><b><u>11/23/2011 Update</u> </b></span></div><div style="font-family:arial;"><span class="Apple-style-span"><span style="color: rgb(51, 51, 255);" class="Apple-style-span">Sophos's Chester Wisniewski was contacted by the hacker "pr0f" regarding the South Houston, Texas intrusion. The hacker gained access through several methods (<a href="http://en.wikipedia.org/wiki/Virtual_Network_Computing">VNC variant</a>, web portal), claiming he still has access. He also commented "<i>Don't worry, I use my powers for good and such.</i>" and pointed out, <i>".. I am under no illusions about my level of skill. These are the least secure systems. .. </i></span><span style="color: rgb(51, 51, 255); background-color: rgb(255, 255, 255);" class="Apple-style-span"><i><span class="Apple-style-span">I was furious at the lack of proper government response. The response they gave was nothing more than 'Nothing happened. Probably.' 
When clearly something did happen."</span></i></span><span style="font-weight: bold;"><br /><br />What should utilities do?</span><br /><br />Mr. Weiss provided some constructive broader recommendations in his post "<a href="http://community.controlglobal.com/content/water-system-hack-system-broken">Water System Hack - The System is Broken</a>". Here are some specific suggestions for near-term critical infrastructure cyber risk mitigation, especially for industrial control system (ICS) settings where cyber security may be lapsing or not addressed in a robust manner:<br /></span><ol><li> <span class="Apple-style-span"><span style="font-weight: bold;">Identify all ICS systems and their organizational management owners.</span><br /><br /></span></li><li><span class="Apple-style-span"><span style="font-weight: bold;">Audit key baseline IT security controls, identify any serious remote and local access issues</span><br /><span style="font-style: italic;">- e.g. protected perimeter, all accounts have defined need, management approval/review, access activity logging for review, antivirus where feasible, patching.<br /><br /></span></span></li><li><span class="Apple-style-span"><span style="font-weight: bold;">Consider how to assert stronger positive owner access control, especially for remote access</span><br /><span><i>- e.g. 
remote access normally disabled when not needed, logging all access events, multifactor token required/kept in house for vendor call in, protected jump box use instead of opening full throat network paths, segmentation when multiple vendor solutions are involved.</i><br /><i style="color: rgb(51, 51, 255);"><span style="font-weight: bold;">Note:</span> A good place to start is closely studying <span style="font-weight: bold;">NERC's July 2011 "</span><a style="font-weight: bold;" href="http://www.nerc.com/fileUploads/File/Events%20Analysis/FINAL-Guidance_for_Secure_Interactive_Remote_Access.pdf">Guidance for Secure Interactive Remote Access</a><span style="font-weight: bold;">" </span></i><br /><br /></span></span></li><li><span class="Apple-style-span"><span style="font-weight: bold;">Implement initial improvement options based on risk informed priority.</span><br /><span style="font-style: italic;">- proceed based on management engaged approval/direction, document and implement, monitor and report progress.<br /><br /></span></span></li><li><span class="Apple-style-span"><span style="font-weight: bold;">Pursue ongoing, broader ICS security improvements </span><br /><span style="font-style: italic;">- after getting basic IT-centric hardening measures in place, tools such as </span><a style="font-style: italic; font-weight: bold;" href="http://www.us-cert.gov/control_systems/satool.html">DHS's CSET (Cyber Security Evaluation Tool) - free for critical infrastructure organizations</a><span style="font-style: italic;"> are available to build better understanding of ICS security susceptibilities and consequences, measure risk, and identify and prioritize further security improvements. </span><br /></span></li></ol><span class="Apple-style-span" style="font-size:100%;"><span>Any such attack damaging a water utility's pump is more akin to amateur antics than part of any organized nation state effort in my opinion. Regardless, even if this turns out to be a false alarm as the cause of equipment damage, many related "what ifs" will be asked by media and others. We can expect that interest from hackers of various hats (white, grey, black) will also increase (<a href="http://www.digitalbond.com/2010/11/02/what-you-should-know-about-shodan-and-scada/"><span style="color: rgb(51, 51, 255);">SHODAN anyone?</span></a>). Industrial control systems, including SCADA, are widely used to support a number of critical infrastructure functions. Secured communication paths and protected remote access must be ensured. Organizations that have blindly entrusted their vendor to adequately address cybersecurity in an increasing risk environment need to do more. 
People, process, technology requirements addressing security in such settings must be understood, documented, supported (with enforcement), and continue to be further developed.</span><br /><br /><br /><span style="font-weight: bold;">More/sources:</span><br /><br />-<span class="Apple-style-span"> <a href="http://krebsonsecurity.com/2011/11/cyber-strike-on-city-water-system/#more-12401">Cyber Intrusion Blamed for Hardware Failure at Water Utility</a> - KrebsonSecurity 11/18/2011<br />- <a href="http://www.wired.com/threatlevel/2011/11/hackers-destroy-water-pump/2">H(ackers)<sub>2</sub>O: Attack on City Water Station Destroys Pump</a> - Wired.com 11/18/2011<br />- <a href="http://www.linkedin.com/share?viewLink=&sid=s710264200&url=http%3A%2F%2Ft%2Eco%2Fx4CIJsul&urlhash=ARvK&uid=5543737463152840704&trk=NUS_UNIU_SHARE-lnk">Second Water Utility Reportedly hit by hack attack </a>- The Register 11/18/2011<br /><span style="font-style: italic;"> -proof of concept Intrusion</span><br />- <a href="http://www.chron.com/news/houston-texas/article/Hacker-targets-South-Houston-sewer-system-2277795.php">Hacker targets South Houston Sewer System </a>- The Houston Chronicle 11/19/2011</span><br />- <a href="http://www.digitalbond.com/2010/11/02/what-you-should-know-about-shodan-and-scada/">What You Should Know About SHODAN and SCADA </a>- DigitalBond 11/2/2010<br /></span></div></span></span></div><div style="color: rgb(51, 51, 255);font-family:arial;" ><span class="Apple-style-span" style="font-size:100%;"><br /></span></div><div style="color: rgb(51, 51, 255);"><div><span style="color: rgb(51, 51, 255);font-family:arial;font-size:100%;" class="Apple-style-span" ><u><b><span class="Apple-style-span">11/23/2011 Update - False Alarm</span>?</b></u><span style="text-decoration: underline;"><span style="font-weight: bold;"><br /></span></span>- <a href="http://www.wired.com/threatlevel/2011/11/scada-hack-report-wrong/">Confusion Center: Feds Now Say Hacker Didn’t Destroy Water Pump</a> - Wired.com 11/22/2011<br />- <a href="http://nakedsecurity.sophos.com/2011/11/22/interview-with-scada-hacker-pr0f-about-the-state-of-infrastructure-security/">Interview with SCADA hacker pr0f about the state of infrastructure security</a> - NakedSecurity, Sophos.com 11/22/2011</span><span style="color: rgb(51, 51, 255);font-family:arial;font-size:100%;" ><br /></span><span style="color: rgb(51, 51, 255);font-family:arial;font-size:100%;" >- </span><span style="color: rgb(51, 51, 255);font-family:arial;font-size:100%;" ><a href="http://community.controlglobal.com/content/illinois-water-hack-test-system-disclosure-%E2%80%93-it-broken">The Illinois Water Hack Is a Test of the System for Disclosure – 
Is It Broken?</a></span><span style="color: rgb(51, 51, 255);font-family:arial;font-size:100%;" > - Joe Weiss, Unfettered Blog</span><span style="font-family:arial;font-size:100%;"><br /></span><span style="font-size:100%;"><br /></span></div></div></div>Orlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-61802168474024996202011-09-20T22:23:00.006-05:002011-09-21T22:18:02.655-05:00EU BlackHat 2011: Cyberwar Overhyped, Escalating Cyber Conflict The Issue- EU Keynote counters Ex-CIA Official's Warning<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://www.blackhat.com/images/bh-eu-11/bh11eu_160x600.png"><img style="float:right; margin:0 0 10px 10px;cursor:pointer; cursor:hand;width: 160px; height: 600px;" src="http://www.blackhat.com/images/bh-eu-11/bh11eu_160x600.png" alt="" border="0" /></a><br />While imminent Cyberwar concerns have ramped up as of late, e.g., <a href="http://thisweekinsecurity.blogspot.com/2011/08/blackhat-2011-cyberwar-is-coming-ex-cia.html">BlackHat 2011: Cyberwar is Coming- Ex-CIA Official Warns Black Hat 2011 Attendees</a>, an insightful <a href="http://www.youtube.com/watch?v=K-0dVbCaGZk">EU Black Hat 2011 - Keynote (video 1:15)</a> with <a href="http://en.wikipedia.org/wiki/Bruce_Schneier"><span style="font-style: italic;">Bruce Schneier</span></a> offers constructive and useful perspective:<br /><br /><span style="font-weight: bold;"> “It’s not that that we’re fighting cyberwar, we’re increasingly seeing war-like tactics used in broader cyber conflicts. Non-nations can now deploy war-like tactics</span><span style="font-weight: bold;">... </span><span style="font-style: italic; font-weight: bold;">a bunch of criminals getting tanks.. now what do you do?"</span> - Bruce Schneier EU BlackHat 2011<br /><br />Schneier points out that cyber war clearly is not happening now. 
Rhetoric surrounding cyberwar is exaggerated and harmful in its influence over policy. The debate language lacks good definitions <span style="font-style: italic;">- Don’t know when it starts, what it looks like, who is doing it, or when it’s over. </span>Using the term “war” implies we’re helpless, we need to duck and cover, the government should handle it. Many measures merited in war time pose greater risk in peace time. The advantage is on the attacker's side in cyberspace, with technology pushing capabilities out <span style="font-style: italic;">- so easy, kids can do it.</span><br /><br />Further high-level cyberwar analysis and commentary addresses topics such as preparing the battlefield, conducting attacks, etc. All advanced nations will need to have some cyber offensive capability as it's part of the war fighting theater now. It's also understood that the most advanced nations have extensive capabilities, e.g., placing logic bombs into enemy systems, potentially before a broader conflict starts. There are recurring examples of precursor cyber-attacks being followed by more traditional military conflicts. The US continues dragging its feet on pursuing international rules and treaties involving cyber conflicts, given a perceived advantage. This stance really feeds the cyber arms race problem, where every side assumes the worst. Related offensive decisions also need to be made at higher levels of government - <span style="font-style: italic;"> <a href="http://en.wikipedia.org/wiki/Stuxnet">Stuxnet</a> types of attacks are reasonable to view as an act of war.</span><br /><br />Critical infrastructure concerns include widely believed examples of non-US criminal extortions, blackouts from hacking, e.g. Brazil. History is rich with market failure examples where common defense was not adequately addressed by private industry. Private industry can only go so far, which is why we need government, with regulations only part of the answer. 
The US is clearly more vulnerable than other nations; with risk increasing, it's important to address this further.<br /><br /><span style="font-weight: bold;">More:</span><br />- 60 Minutes exposé - <a href="http://www.cbsnews.com/video/watch/?id=6578069n&tag=segementExtraScroller;housing">Cyber War: Sabotaging the System 6/13/2010 (video 18:02) </a><br /><span style="font-style: italic;">- “Next war might start with blackout, not a bang.” “Art of the Possible”</span>Orlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-58193608281106808312011-09-06T20:48:00.023-05:002011-09-06T22:13:26.315-05:00BlackHat and Defcon 2011: Top 10 Scariest Hacks- Network World's take on a handful meriting the most concern<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtu4clfTvlCWDxQdoBUqkPmfve0iscZ61UwZtZ8iOeC-0wfOknf7fJFBbK9XJ2keOvVTdWDQQeQCoN0tptKHdU55UEoRdANxsROvGOZn5Rfc3WaiGUvI1lKFlkX1O1tffGAd3iOaGXbbxv/s1600/Top10Scary.png"><img style="float:right; margin:0 0 10px 10px;cursor:pointer; cursor:hand;width: 320px; height: 231px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtu4clfTvlCWDxQdoBUqkPmfve0iscZ61UwZtZ8iOeC-0wfOknf7fJFBbK9XJ2keOvVTdWDQQeQCoN0tptKHdU55UEoRdANxsROvGOZn5Rfc3WaiGUvI1lKFlkX1O1tffGAd3iOaGXbbxv/s320/Top10Scary.png" alt="" id="BLOGGER_PHOTO_ID_5649447057312865538" border="0" /></a>The Las Vegas-hosted Black Hat USA 2011 and Defcon 2011 conferences dished up a number of interesting hacking demonstrations applicable to critical infrastructure organizations. 
The wide-ranging top ten identified by Network World (<a href="http://www.networkworld.com/slideshows/2011/081011-blackhat-defcon-hacks.html#slide1">full slide show</a>) included SCADA issues (Siemens, of course) and even a pretty significant ERP system issue (SAP).<br /><br /><span style="font-weight: bold;">Summary:</span><br /><ol><li><a href="http://www.networkworld.com/slideshows/2011/081011-blackhat-defcon-hacks.html#slide2"><span style="font-weight: bold;">Siemens S7 hack (top one!)</span></a>. Very scary considering just how dependent real-world facilities are on systems with related security problems; the issues go well beyond being specific to Siemens solutions!<br /></li><li><b><a href="http://www.networkworld.com/slideshows/2011/081011-blackhat-defcon-hacks.html#slide3">VoIP botnet control</a>. </b>Clever data exfiltration and command and control methods using a VoIP channel and touch-tone phones.</li><li><b><a href="http://www.networkworld.com/slideshows/2011/081011-blackhat-defcon-hacks.html#slide4">Powerline device takeover</a>. </b> Demonstrated a device that can tap into home power lines and monitor and control home alarm/security cameras, e.g., enabling intruders to jam security gear then break in. </li><li><a style="font-weight: bold;" href="http://www.networkworld.com/slideshows/2011/081011-blackhat-defcon-hacks.html#slide5">Hacker drone</a>. Off-the-shelf electronics used to create WASP (wireless aerial surveillance platform), which executes flight plans while doing its work (crack codes, pick up cellphone calls, etc).</li><li><b><a href="http://www.networkworld.com/slideshows/2011/081011-blackhat-defcon-hacks.html#slide6">Car hijack via phone networks</a>. </b>Using text messages over phone links to hack a Subaru Outback car alarm, unlock doors, and start the vehicle. 
Similar to devices used in some critical infrastructure settings, raising concerns about knocking out power grids and water supplies.</li><li><b><a href="http://www.networkworld.com/slideshows/2011/081011-blackhat-defcon-hacks.html#slide7">Hack faces to find Social Security numbers</a>. </b>Acquiring a person's Social Security number using nothing more than social networking photo, face recognition software, and a deducing algorithm.. interesting!</li><li><b><a href="http://www.networkworld.com/slideshows/2011/081011-blackhat-defcon-hacks.html#slide8">Remotely shut down insulin pumps</a>. </b>Exposing a very difficult to resolve wireless security problem- could be fatal in wrong circumstances. The diabetic security researcher focused on issues with his own wireless pump.. "devices weren't designed with security in mind"<br /></li><li><b><a href="http://www.networkworld.com/slideshows/2011/081011-blackhat-defcon-hacks.html#slide9">Embedded Web server menace</a>. </b> Embedded web servers in photocopiers, printers may them easier to administer and be compromised, potentially pilfering produced documents. Easy fingerprinting and attack approaches demonstrated.</li><li><b><a href="http://www.networkworld.com/slideshows/2011/081011-blackhat-defcon-hacks.html#slide10">Spreading false router tables</a>.</b> Demonstrated OSPF (open shortest path first) routing protocol having weaknesses permitting attackers to install false table entries on uncompromised routers, potentially affecting data streams (sending info to remote attacker) or just crippling networks. </li><li><b><a href="http://www.networkworld.com/slideshows/2011/081011-blackhat-defcon-hacks.html#slide11">SAP flaw- Authentication</a>. </b> Showed how SAP system can be broken into, gaining administrative privileges. The researcher determined that half the systems examined were vulnerable to this issue. Easy to locate target systems with Google search. 
SAP is working towards releasing a related security update.</li></ol><span style="font-weight: bold;">More:</span><br /><span style="font-style: italic;">- </span><a class="l" href="http://www.blogger.com/url?url=http://www.theregister.co.uk/2011/08/19/insulin_pump_hack/&rct=j&sa=X&ei=b91mTt_2F46tgQfEtOjNDA&sqi=2&ved=0CDIQ-AsoATAA&q=accountability+insulin+office+c&usg=AFQjCNGiLVjwaj_Ya-kmhWKbG7ZrnJolzw"><em style="font-style: italic;"></em>Insulin pump attack prompts call for federal probe</a> - <span class="f xsm">Register</span> 8/19/2011- <span style="font-style: italic;">Committee urges investigation into security standards for wireless medical devices.</span><br />- <a href="https://www.blackhat.com/html/bh-us-11/bh-us-11-archives.html">Black Hat 2011 USA Archive</a> video, audio, slides added since Aug 2011 conference<br />- <a href="https://www.defcon.org/html/links/dc-archives/dc-19-archive.html">DEF CON 19 Archive </a> - site stood up 9/5 w/slides, etc from Aug 2011 conferenceOrlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-47921228910731254472011-08-24T21:21:00.035-05:002011-09-10T11:15:38.697-05:00BlackHat 2011: Cyberwar is Coming- Ex-CIA Official Warns Black Hat 2011 Attendees<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://www.blackhat.com/images/bh-us-11/bh11usa_300x600.png"><img style="float:right; margin:0 0 10px 10px;cursor:pointer; cursor:hand;width: 300px; height: 600px;" src="https://www.blackhat.com/images/bh-us-11/bh11usa_300x600.png" alt="" border="0" /></a><br /><br /><span style="font-family: verdana;font-family:verdana;font-size:100%;color:black;" >Former U.S. 
counter-terrorism official <a href="http://en.wikipedia.org/wiki/Cofer_Black">Cofer Black</a>, who warned of 9/11 terrorist attacks, raised the alarm earlier this month during his Black Hat 2011 keynote that cyberwar is an imminent threat.</span><span style="font-family:verdana;font-size:100%;"><br /><br />Cyber warfare has been raised as a significant concern by US intelligence and former officials for some time, including concerns about potential tampering with IT supply chains. <b>Most view the US as leading, with others catching up in offensive capabilities.</b> Turnabout is fair game. Besides the obvious appeal and resonance this official’s message has with the Black Hat community and media coverage, some related points can be made: </span><p></p><ul type="disc" style="font-family:verdana;"><li class="MsoNormal" style="margin-bottom:12.0pt;"><span style="font-size:100%;"><b>Stuxnet is the most significant example of a cyber attack against another nation state’s critical infrastructure since the Russian gas pipeline explosion in June 1982</b>. <i>In the June 1982 attack, a CIA operation was launched that embedded a Trojan horse in gas pipeline regulator software the CIA knew would be stolen by the Russians. The Russians did indeed steal the software and used it in a production gas line in Siberia. The Trojan horse corrupted the gas pipeline regulation, which resulted in a massive explosion, initially thought to be nuclear, until later evidence showed this wasn’t the case. 
The incident was classified, then later released and infamously documented in the </i><a href="http://www.nytimes.com/2004/02/02/opinion/02SAFI.html"><i>Farewell Dossier</i></a><i>. The KGB at the time said the blast was accidental. (Source: </i><a href="http://www.invincea.com/blog/tag/siemens-industrial-control-system/"><i>Defending Against Stuxnet Type Threats</i></a><i> – invincea blog)</i></span></li><li class="MsoNormal" style="margin-bottom:12.0pt;"><span style="font-size:100%;"><b><i>Government officials fear that foreign powers could surreptitiously design something into a component or printed circuit board that would end up in a piece of equipment used by the government.</i></b> <i>"Maliciously tampered ICs cannot be patched," retired General Wesley Clark said in 2009. 
"They are the ultimate sleeper cell."</i></span></li><li class="MsoNormal"><span style="font-size:100%;"><b><i>Many are very skeptical that a huge US electronic 9/11 or Pearl Harbor event is imminent – a view I share.</i></b> All advanced militaries have cyberattack capabilities, including <a href="http://en.wikipedia.org/wiki/Electromagnetic_pulse">EMP strike</a> options against information technology based systems. We can expect significant nation state sponsored cyber incursions to continue, often for information gathering purposes. This may not be a true “war” but that doesn't mean we aren't losing.</span></li></ul> <span style="font-family:arial;font-size:100%;">More:</span><ul style="font-family:times new roman;"><li style="font-family:times new roman;"><span style="font-size:100%;"><a href="http://www.informationweek.com/news/government/security/226900005">Ex-CIA Official Warns Black Hat Attendees of Coming Cyber-War - eWeek 8/4/2011</a></span></li><li style="font-family:times new roman;"><span style="font-size:100%;"><a href="http://www.informationweek.com/news/government/security/226900005">Air Force To Tackle Supply Chain Security - InformationWeek 8/20/2010</a></span></li><li><span style="font-size:100%;"><a href="http://www.usnews.com/opinion/articles/2010/03/29/to-protect-the-us-against-cyberwar-best-defense-is-a-good-offense">To Protect the U.S. 
Against Cyberwar, Best Defense Is a Good Offense, US News - Guest Opinion 3/29/2010</a><br /></span></li></ul><br />Orlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-15083587455440209342010-11-19T00:04:00.008-06:002010-11-26T00:01:05.266-06:00Symantec's W32.Stuxnet Dossier- Breakthrough v1.3, Nov 2010 Dutch Profibus expert provides crucial pieces to the puzzleAs of October, much had already been researched and shared with critical infrastructure organizations around Stuxnet, given the broader industrial control system, DCS, and SCADA implications. As provided in Symantec's publicly available research blog series and W32.Stuxnet Dossier white paper:<br /><ul><li>Stuxnet has been in play since at least 2009.</li><li>Specifically looks for Siemens PLC models S7-417 and S7-315-2, both widely deployed in the US.</li><li>PLC infection only occurs when the PLC contains the Profibus-DP communications processor.</li><li>Windows 64-bit platforms not affected (32-bit targeted).</li><li>Malware package very sophisticated even with some sloppy controls (could’ve been more restricted and targeted, and stayed hidden longer).</li><li>The question of how to ensure the integrity of PLC code has not been addressed in detail.</li></ul>Stuxnet raises the bar and serves as a road map, even if it is not viewed as easy to repurpose by the talented security researchers and hackers studying it. 
There has also been speculation that this type of malware may have been used to make several Iranian petrochemical facilities dramatically "go bang" in 2009.<br /><br />On Nov 12th, Eric Chien's posting <a href="http://www.symantec.com/connect/blogs/stuxnet-breakthrough">Stuxnet: A Breakthrough</a> keyed in on important tips and insights provided by a Dutch Profibus expert that help determine Stuxnet's exact purpose. Symantec's updated <a href="http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf">W32.Stuxnet Dossier v1.3 Nov 2010</a> white paper now more clearly describes how the malware targets and sabotages specific models of higher-speed motor-driving frequency converters over an extended time frame.<br /><br />This additional insight underscores the growing need to manage similar potential "Advanced Persistent Threat" risks to critical infrastructure. Stuxnet's very clever payload is just one example of how similar hidden, targeted malware could pose a substantial threat to critical infrastructure, even though this real-world example focused more on sabotaging systems akin to those used in uranium enrichment activities.<br /><br />More:<br /><ul><li><span style="font-size:100%;"><a href="http://www.wired.com/threatlevel/2010/11/stuxnet-clues/">Sneak Attack? 
Clues Suggest Stuxnet Virus Was Built for Subtle Nuclear Sabotage - Wired 11/15/2010</a><br /></span></li><li><span style="font-size:100%;"><span style=";font-family:";font-size:100%;" > <a href="http://www.digitalbond.com/index.php/2010/08/19/we-will-never-be-perfect/">We will Never Be Perfect</a> and <a href="http://www.digitalbond.com/index.php/2010/09/07/perfection-part-ii/">Perfection – Part II<span style="font-weight: normal;"> </span></a><b><a href="http://www.digitalbond.com/index.php/2010/09/07/perfection-part-ii/"><span style="font-weight: normal;">- </span></a></b></span><a href="http://www.digitalbond.com/index.php/2010/09/07/perfection-part-ii/"><span style=";font-family:";" >Dale Peterson, Digital Bond</span></a></span><span style="font-size:100%;"><span style=";font-family:";font-size:11pt;" ><br /></span></span></li><li><span style="font-size:100%;"><span style=";font-family:";font-size:11pt;" > </span></span><a href="http://www.symantec.com/connect/symantec-blogs/sr"><span style="font-size:100%;">Symantec Security Response</span> Blog</a><br /></li></ul>Orlando 
Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-59816842453558725022010-07-04T15:38:00.041-05:002010-07-10T00:19:58.773-05:00Senate Committee Unanimously Passes Major Cybersecurity Bill- Risk mitigation shifting to continuous monitoring and dynamic responseOn June 24<span id="SPELLING_ERROR_0" class="blsp-spelling-error"><span id="SPELLING_ERROR_0" class="blsp-spelling-error">th</span></span>, the Senate Homeland Security and Governmental Affairs Committee unanimously approved an amended 200 page version of a controversial <a href="http://hsgac.senate.gov/public/index.cfm?FuseAction=Files.View&FileStore_id=4ee63497-ca5b-4a4b-9bba-04b7f4cb0123">The Protecting Cyberspace as a National Asset Act of 2010</a> <span id="SPELLING_ERROR_1" class="blsp-spelling-error"><span id="SPELLING_ERROR_1" class="blsp-spelling-error">cyber</span></span> security bill which will move forward to the full Senate floor for consideration.<br /><br />SANS Director Alan <span id="SPELLING_ERROR_2" class="blsp-spelling-error"><span id="SPELLING_ERROR_2" class="blsp-spelling-error">Paller</span></span>’s related testimony (<a href="http://hsgac.senate.gov/public/index.cfm?FuseAction=Files.View&FileStore_id=23084bec-f487-4e1c-ace9-90b7231660c2">written</a> – 17 pages, and discussed) at the June 15<span id="SPELLING_ERROR_3" class="blsp-spelling-error"><span id="SPELLING_ERROR_3" class="blsp-spelling-error">th</span></span> Senate hearing: <a href="http://hsgac.senate.gov/public/index.cfm?FuseAction=Hearings.Hearing&Hearing_ID=f56ace2f-7ac6-49ff-80e3-652371bb6fa6">Protecting Cyberspace as a National Asset: Comprehensive Legislation for the 21st Century</a> (<a href="http://www.senate.gov/fplayers/I2009/urlPlayer.cfm?fn=govtaff061510p&st=795&dur=8580"><span id="SPELLING_ERROR_4" class="blsp-spelling-error">webcast</span></a>) strongly emphasizes more effective risk management and less "<span id="SPELLING_ERROR_5" 
class="blsp-spelling-error"><span id="SPELLING_ERROR_5" class="blsp-spelling-error">paperchasing</span>" as</span> currently demanded by <span id="SPELLING_ERROR_6" class="blsp-spelling-error"><span id="SPELLING_ERROR_6" class="blsp-spelling-error">FISMA</span></span> (with <span id="SPELLING_ERROR_7" class="blsp-spelling-error"><span id="SPELLING_ERROR_7" class="blsp-spelling-error">NIST</span></span> standards and guidance mandatory). “When you demand that someone perform huge numbers of things, with limited budgets, you get dysfunctional results.”<br /><br />The committee's bill includes a number of key elements, many of particular interest to critical infrastructure organizations:<br /><br /><br /><ol><li><span style="font-size:85%;">Creates an Office of Cyberspace Policy in the President's Executive Office to be ran by a Senate-confirmed Director. The Director will advise the President on all <span id="SPELLING_ERROR_8" class="blsp-spelling-error"><span id="SPELLING_ERROR_8" class="blsp-spelling-error">cybersecurity</span></span> matters, harmonize federal efforts to secure cyberspace and will develop a national strategy that incorporates all elements of cyberspace policy, including military, law enforcement, intelligence, and diplomatic. </span></li><li><span style="font-size:85%;">Creates a National Center for <span id="SPELLING_ERROR_9" class="blsp-spelling-error"><span id="SPELLING_ERROR_9" class="blsp-spelling-error">Cybersecurity</span></span> and Communications (<span id="SPELLING_ERROR_10" class="blsp-spelling-error"><span id="SPELLING_ERROR_10" class="blsp-spelling-error">NCCC</span></span>) at the Department of Homeland Security (<span id="SPELLING_ERROR_11" class="blsp-spelling-error"><span id="SPELLING_ERROR_11" class="blsp-spelling-error">DHS</span></span>) to be ran by the Director. 
This will elevate and strengthen the Department’s cyber security capabilities and authorities. The NCCC will include the United States Computer Emergency Response Team (US-CERT). </span></li><li><span style="font-size:85%;">Updates the Federal Information Security Management Act (FISMA) to modernize federal agencies' practices of protecting their internal networks and systems. Reforms will allow agencies to <strong>move towards real-time monitoring to secure critical systems</strong> (and away from the system of after-the-fact paperwork compliance). </span></li><li><span style="font-size:85%;">Requires the NCCC to work with the private sector to establish <strong>risk-based security requirements that strengthen cyber security for the nation’s most critical infrastructure</strong> that, if disrupted, would result in a national or regional catastrophe. </span></li><li><span style="font-size:85%;"><strong>Requires critical infrastructure to report significant breaches</strong> to the NCCC to ensure the federal government has a complete picture of the security of these sensitive networks. 
The NCCC must share information, including threat analysis, with owners and operators regarding risks to their networks. The Act will provide <strong>specified liability protections to owners/operators that comply with the new risk-based security requirements</strong>. </span></li><li><span style="font-size:85%;">Creates a responsible framework, developed in coordination with the private sector, for the <strong>President to authorize emergency measures to protect the nation’s most critical infrastructure</strong> if a cyber vulnerability is being exploited or is about to be exploited. The President must notify Congress in advance before exercising these emergency powers. Any emergency measures imposed must be the least disruptive necessary to respond to the threat and will expire after 30 days unless the President extends them. The bill authorizes no new surveillance authorities and does not authorize the government to “take over” private networks. </span></li><li><span style="font-size:85%;">Develops a <strong>comprehensive supply chain risk management strategy to address risks and threats to information technology products and services</strong> the federal government relies upon. This strategy will allow agencies to make informed decisions when purchasing IT products and services. 
</span></li><li><span style="font-size:85%;">Requires the Office of Personnel Management to <strong>reform the way cyber security personnel are recruited, hired, and trained</strong> to ensure that the federal government has the talent necessary to lead the national cyber security effort and protect its own networks. </span></li></ol>With respect to <a href="http://www.nerc.com/page.php?cid=220">NERC Reliability Standards</a>, including the cyber security focused CIPs, an extensive compliance paperchase remains underway in 2010 with both industry and regulatory bodies facing a substantial phase-in of standards going through their first extensive audits. Much of the focus is on the language and interpretation of the Standards and associated <a href="http://www.nerc.com/page.php?cid=3">Reliability Standard Audit Worksheets (RSAWS) <em>- visit Resources at link</em></a>. 
Even if this bill became law today, it could be years before related expectations and improvements are significantly reflected in the Standards.<br /><br />More:<br /><br />- <a href="http://hsgac.senate.gov/public/index.cfm?FuseAction=Press.MajorityNews&ContentRecord_id=227d9e1e-5056-8059-765f-2239d301fb7f">Lieberman, Collins, Carper Unveil Major Cybersecurity Bill to Modernize, Strengthen, and Coordinate Cyber Defenses (w/video ~10m) 6/10/2010</a> <br />- <em>Other recent hearings, such as before the House Appropriations Committee, also emphasizing key elements in the bill</em>: <a href="http://appropriations.house.gov/index.php?option=com_jcalpro&Itemid=117&extmode=view&extid=1934&date=2010-04-15&return_to=L2luZGV4LnBocD9vcHRpb249Y29tX2pjYWxwcm8mYW1wO0l0ZW1pZD0xMTcmYW1wO2V4dG1vZGU9ZmxhdCZhbXA7ZGF0ZT0yMDEwLTQtMQ==">DHS Cyber Security Programs – What progress has been made and what still needs to be improved? 
4/15/2010</a>Orlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-83436924609252947182010-03-17T23:26:00.017-05:002010-04-20T23:49:11.422-05:00Cybersecurity: Utilities are Contested Territories - Fact or Hype?SANS Director Alan Paller's recent EnergyBiz opinion piece <a href="http://www.nxtbook.com/nxtbooks/energycentral/energybiz0310/index.php?startid=47#/49/OnePage"><strong>Utilities are Contested Territories</strong></a> presents illuminating facts driving <a href="http://en.wikipedia.org/wiki/Advanced_Persistent_Threat"><em>Advanced Persistent Threat</em> (APT)</a> cybersecurity concerns in utility settings.<br /><ul><li>The FBI reeled in 31 major utility executives for some forensic-grade calibration on how their systems have been unknowingly compromised over extended time frames.</li><li>The attacks, also affecting other areas of government and major businesses, are nation-state level in sophistication and persistence.</li><li><a href="http://itknowledgeexchange.techtarget.com/security-corner/what-is-weaponized-email/">Weaponized email</a> is the current preferred technique facilitating ongoing waves of attacks.</li><li>Key defenses were determined insufficient to prevent, detect, deter, and recover from the attacks.</li></ul>The article goes on to assert that more advanced utilities have learned to operate on the underlying assumption that they do not have complete control of their systems. Many of these organizations are stated to have an unprecedented level of additional defensive measures now deployed to help manage APT risks (extensive encryption, access controls, monitoring, etc).<br /><br />A preview, request-only SANS Webcast delving into this topic is scheduled ahead of the upcoming <a href="http://www.sans.org/scada-security-summit-2010/event.php"><strong>2010 SCADA and Process Control Summit (March 24th - April 1st)</strong></a>.<br /><br /><em><span style="color:#cc0000;"><strong>Hurry if you're interested in catching this free, one-time, by request only webcast</strong></span>:</em><br /><ul><li><a href="http://www.sans.org/scada-security-summit-2010/#webcast"><strong>Exclusive Webcast: Digging Deeper Into The Advanced Persistent Threat March 19, 2010 1:30pm EDT</strong></a> </li></ul><p>The Summit's optional workshops (provided by DHS, INL, NERC) include a very interesting new full day offering: </p><ul><li><u><a href="http://www.sans.org/scada-security-summit-2010/description.php?tid=4332"><strong>NERC Cyber Risk Preparedness Assessment for the BPS Asset Owners and Operators<br /></strong></a></u>This Summit workshop on April 1st should be of particular interest for utilities further developing cyber security exercises. Will cover useful scenarios to learn from and apply.<br /><em>- “Each entity will be provided an exercise development kit” - </em></li></ul><p></p>Orlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-2663074082114124522010-01-17T22:00:00.039-06:002010-01-31T10:07:06.516-06:002010 Blasts in with Regulatory Cybersecurity Bar Raising- NERC CIP-002-4 (Project 706 Ph II) and NRC RG 5.71- both with NIST Enhancements<span style="font-size:xx-small;color:#660000;"><strong><u>Last updated 1/24/2010</u></strong></span><br />As 2010 opens, beefed up regulatory scope and rigor around cybersecurity on both the <strong>Bulk Electric System (BES)</strong> and commercial <strong>Nuclear Power Plant (NPP)</strong> fronts are forming up<em>- even as expanding regulatory scrutiny has been focusing on assessing the status of current requirements and programs. </em><br /><br /><strong><u>Draft NERC CIP-002-4 Released</u>. </strong>Now in Phase II, <a href="http://www.nerc.com/filez/standards/Project_2008-06_Cyber_Security.html">NERC Project 706</a> (to address <a href="http://www.ferc.gov/industries/electric/indus-act/reliability.asp">FERC Order 706-A</a>) released <em>draft</em> standard <a href="http://www.nerc.com/docs/standards/sar/CIP-002-4_2009Dec29.pdf"><strong>CIP-002-4, Cyber Security - BES Cyber System Categorization</strong></a> (16 pages, w/VSLs)<strong> </strong>in December for an informal comment period through February 12th. 
This version calls for a significantly more extensive risk assessment process:<br /><ul><li>Substantially addresses concerns raised in Assante’s April 2009 letter – see <a href="http://www.digitalbond.com/index.php/2009/04/07/assante-throws-down-the-gauntlet-on-cip-002/">Assante Throws Down the Gauntlet on CIP-002 </a>- DigitalBond.com. </li><li>Rather than just focusing on what to include, requires a complete inventory list of BES Cybersecurity systems for determinations to be made.</li><li>Getting NISTy (<a href="http://thisweekinsecurity.blogspot.com/2009/08/nist-on-roll-with-historic-security.html">more</a>) with graded BES impact assessment and commensurate controls- high, medium, low (catch all) impact ranking </li><li>Emphasizes functional assurance, not just security around functions.</li><li>Specific Violation Severity Levels (VSLs) penalties called for if mis-categorization is determined to have taken place.</li><li>NPP applicability- structures, components, equipment and systems of facilities within a nuclear generation plant not regulated by the U.S. 
Nuclear Regulatory Commission or the Canadian Nuclear Safety Commission.</li><li><em>More-</em> effective date is two years after approval (“eighth calendar quarter”), bottom up conservative approach with granular assessment/engineering evaluation expectations, various impact categorizations for assessment addressing inadvertent/adverse changes, example fishbone diagramming dependencies- see <a href="http://www.nerc.com/docs/standards/sar/CIP-002-4_Guidance_Doc_2009Dec29.pdf">Draft Guidance Document</a> (10 pages)<br /><br /><span style="font-size:xx-small;color:#660000;"><u><strong>Updated 1/24/2010</strong></u></span></li><li><span style="color:#660000;"><span style="color:blue;">On Feb 3rd, 2010 at 1pm EST, NERC is scheduled to host a webinar <strong>"Proposed Revisions to CIP-002-4"</strong></span> (</span><a href="https://cc.readytalk.com/cc/schedule/display.do?udc=tomq37wyp8y3"><span style="color:#660000;"><span style="color:#660000;"><strong>register</strong></span>)</span></a></li></ul><strong><u>NRC RG 5.71 Released. </u></strong>Following the November 23, 2009 deadline for NPPs to file required Cyber Security Plans for review and approval (per <a href="http://www.nrc.gov/reading-rm/doc-collections/cfr/part073/part073-0054.html">NRC Reg 10 CFR 73.54</a>), the NRC released regulatory guide <a href="http://dl.dropbox.com/u/1712646/NRC-RG5.71_CyberSecurityProgramsForNuclearFaciliites%28public_Jan2010%29.pdf"><strong>RG 5.71, Cyber Security Programs for Nuclear Facilities</strong></a> (copy, 100+ pages, including template/appendixes) earlier this month, source: <a href="http://www.nrc.gov/reading-rm/doc-collections/reg-guides/protection/active/">NRC Regulatory Guides - Materials and Plant Protection (Division 5)</a>. This now public regulatory guide formally expands and supersedes the prior NRC-endorsed NEI 04-04 developed by the industry. 
Some argue it’s like going back to a blank piece of paper to stand up a new program – not entirely true but still very dense as regulatory guides go, and also getting more NIST aligned (<a href="http://thisweekinsecurity.blogspot.com/2009/08/nist-on-roll-with-historic-security.html">more</a>). Commercial nuclear has gone through a number of development steps over the last decade, see <a href="http://www.nei.org/keyissues/safetyandsecurity/factsheets/powerplantsecuritypage5/">NEI Power Plant Security- Cybersecurity</a>.<br /><br />More perspective around RG 5.71 can be gained from reviewing NRC's <a href="http://dl.dropbox.com/u/1712646/ACRS567-CyberRG5.71_Nov2009.pdf">Advisory Committee on Reactor Safeguards (ACRS) 567th Meeting- Nov2009 - Official Transcript</a> (copy, - 330 pages, good place to start is page 98 for "cybersecurity", jump to page 275 for more specific RG 5.71 coverage). <em>This guide is written for the cybersecurity professional and covers aspects that others may miss when reading through it.</em><br /><br /><br /><strong><u>FERC Order 706-B - NRC/NERC MOU Released</u></strong>. FERC recognized a regulatory gap with <a href="http://www.ferc.gov/industries/electric/indus-act/reliability.asp">Order 706-B</a>; the NRC, primarily focused on public safety and nuclear significant aspects of NPPs, does not have regulatory scope addressing continuity of power. FERC Order 706-B states that balance of plant systems at NPPs not regulated by the NRC must comply with NERC CIP Standards and requires NRC to make a compliance filing outlining an implementation schedule. An <a href="http://www.nerc.com/fileUploads/File/News/NERC-NRC%20MOU%2020091230%20executed.PDF">NRC/NERC MOU</a>, released last week, establishes a working agreement consistent with FERC Order 706-B recommendations. 
<em>FERC's Dec 17th filing expects an additional compliance filing from NERC to more clearly address (i) how determinations of systems will be made that fall under either program (NRC Cyber or NERC CIP), and (ii) establishing an exception process for exempting systems that fall under NRC Cyber from CIP compliance.</em><br /><br /><strong>More:</strong><br /><ol><li><a href="https://www.nerc.net/nercsurvey/Survey.aspx?s=927d1020f2174bbe8d4ebaeb8c9825b6">Informal Comment Form: Project 2008-06 Cyber Security Order 706 CIP-002-4</a> <span style="color:#660000;">(due 2/12/2010)</span></li><li><a href="http://www.morganlewis.com/pubs/Energy_CyberSecurityReqs_LF_12jan10.pdf">NRC and NERC Execute Memorandum of Understanding Regarding Enforcement of Cyber Security Requirements-</a> Morgan Lewis Energy Lawflash, January 12, 2010</li><li><a href="http://www.nrc.gov/reading-rm/doc-collections/cfr/part073/part073-0054.html">NRC Reg (10 CFR 73.54) Protection of digital computer and communication systems and networks.</a> </li><li><a href="http://thisweekinsecurity.blogspot.com/2009/08/nist-on-roll-with-historic-security.html">NIST on a roll with "Historic" Security Controls Guidance (SP 800-53 Rev 3)</a><br /><br /><br /></li></ol>Orlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-77743649645957489862010-01-09T00:48:00.036-06:002010-04-10T18:09:46.232-05:00Security Challenges Into the Next Decade and Beyond- A Leap Into the Future with Kurzweil, Suarez & JoyOver the New Year's Holiday, I dusted off and finished pressing my way through a stunning, expansive view into the not so distant future with <a href="http://en.wikipedia.org/wiki/Raymond_Kurzweil">Ray Kurzweil’s</a> tome <a href="http://www.amazon.com/gp/product/0143037889?ie=UTF8&tag=thiweeinsec-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=0143037889">The Singularity Is Near: When Humans Transcend Biology</a>. 
In his richly cited work, huge advancements in renewable energy and storage efficiency, with microscopic fuel cells and other technologies, will capture abundant energy available for the taking in a distributed manner- intrinsically reducing unique security risks associated with centralized power stations.<br /><br />Looking at accelerating trends continuing with information technology, Kurzweil argues that <a href="http://www.kurzweilai.net/articles/art0134.html?printable=1">The Law of Accelerating Returns</a> applies to many problems once sufficiently addressed with information technology based approaches. For example, rather than traditional experimental trial and error, exponentially improving computing environments are increasingly being used to effectively model and test medical treatments virtually. Expect significant life extension and expansion improvements over the next 20 years, as well as rapidly emerging non-biological intelligence fundamentally going beyond various narrow artificial intelligence applications widely used today. 
Related nanotechnology will drive expanding human intelligence and also result in new existential threats as we eventually transcend our biology<em>- some heady prognostications.</em><br /><br />If you haven’t read about or heard Ray Kurzweil in depth before, here’s an informative Dec 2008 Ray Kurzweil presentation from the <em>26th Army Science Conference</em>: <a href="http://www.zentation.com/viewer/index.php?passcode=rJukJRYuFz">The Impact of Accelerating IT on War and Peace (Dec 2008, <span style="color:#660000;">video 54m</span>)</a>. This talk was broader than the title implies, providing his updated views and supporting presentation slides (142 w/<a href="http://dl.dropbox.com/u/1712646/KAIN12108-26th_Army_Science_Conference.pdf">pdf</a>, <a href="http://dl.dropbox.com/u/1712646/KAIN12108-26th_Army_Science_Conference.pptx">pptx</a> formats) regarding IT driven advancements and unfolding implications.<br /><br />Focusing on cyber security, non-biological computer infections or actions taken by malicious actors will increasingly be less about just compromising computers and more about harming the physical environment including humanity <em>- who wants to let their bio or nano augmented substrate be chewed up and spit out as grey goo by rapidly replicating nano-nasties or otherwise adversely repurposed?</em> So much promise and notable perils which many baby boomers may be able to witness if they stick around long enough. 
Kurzweil, turning 62 in Feb, is taking several hundred supplements daily and adhering to a strictly formulated diet- striving to bridge into his predicted, further life extended future bridges with continuing advancements in GNR (genetics, nanotechnology, and robotics).<br /><br />From a more current perspective, the emerging best-seller “fiction” hit in 2009 <a href="http://www.amazon.com/gp/product/0525951113?ie=UTF8&tag=thiweeinsec-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=0525951113"><em>Daemon</em></a> by Daniel Suarez (<a href="http://www.audible.com/adbl/site/enSearch/searchResults.jsp?D=daemon&Ntt=Daniel+Suarez&Dx=mode%2bmatchallpartial&Ntk=S_Author_Search&Ntx=mode%2bmatchallpartial&N=0&BV_UseBVCookie=Yes">audio clips</a> at audible.com) provides a present day look into what could go wrong with runaway non-biological intelligence. His <a href="http://www.amazon.com/gp/product/0525951113?ie=UTF8&tag=thiweeinsec-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=0525951113">first book</a> and just released sequel <a href="http://www.amazon.com/gp/product/0525951571?ie=UTF8&tag=thiweeinsec-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=0525951571">Freedom (TM)</a> present subtle and ruthless ways civilization could be systemically torn down by a cleverly designed artificial entity savvy in human behavior, reaching out from cyber space via <strong>online gaming</strong> and other methods, recruiting and exploiting human agents, etc. 
While entertaining and recommended reading, his informative, non-fiction presentation <a href="http://fora.tv/2008/08/08/Daniel_Suarez_Daemon_Bot-Mediated_Reality#fullprogram">Daemon: Bot-Mediated Reality- The Long Now Foundation (<span style="color:#660000;">video 1:20</span>)</a> emphasizes underlying themes with concerns about how humanity is increasingly facing the prospects of a Darwinian struggle with non-biological intelligence. He emphasizes key strategies and controls <u>needed now</u> to address the growing risk.<br /><br />For more on concerns about the perils – here’s a provocatively titled article <a href="http://www.wired.com/wired/archive/8.04/joy_pr.html">“Why the future doesn't need us.”- Bill Joy, Wired, April 2000</a> “Our most powerful 21st-century technologies — robotics, genetic engineering, and nanotech — are threatening to make humans an endangered species.”<br /><br />More:<br /><ul><li><a href="http://www.nydailynews.com/opinions/2009/12/13/2009-12-13_top_futurist_ray_kurzweil_predicts_how_technology_will_change_humanity_by_2020.html">Top futurist, Ray Kurzweil, predicts how technology will change humanity by 2020</a> and<br /> <a href="http://www.nydailynews.com/opinions/2009/12/13/2009-12-13_ray_kurzweils_crystal_ball.html">Ray Kurzweil's Crystal Ball</a> - New York Daily News, Dec 2009</li><li><a href="http://bitbucket.kylewelsh.com/2009/12/24/china-blames-online-games-for-drugs-murder-teen-pregnancy/">China blames online games for drugs, murder, teen pregnancy</a> - bitbucket.kylewelsh.com, Dec 2009</li><li><a href="http://www.youtube.com/watch?v=1uIzS1uCOcE&NR=1">Ray Kurzweil Explains the Coming Singularity (video, 7m)</a> - bigthink.com, Apr 2009</li></ul>Orlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com1tag:blogger.com,1999:blog-1189434011500461359.post-49218184859494994532010-01-02T22:45:00.036-06:002010-01-02T23:35:27.486-06:00Cyber Security Happy New Year 2010 - Perspective and 
Predictions<span style="color: #000099; font-size: 78%;">First Cut 1/2/2009 </span><br />
<strong><u></u></strong><br />
<strong><span style="color: #990000;"><u>2009 Perspective</u> <span style="color: #000099;">- </span><em><span style="color: #000099;">hot stories and list of lists</span>.</em></span></strong><br />
<ul><li><a href="http://www.computerworld.com/s/article/9135944/U.S._seeks_top_guns_for_cybersecurity_">U.S. seeks 'top guns' for cybersecurity</a> - ComputerWorld, Jul 27, 2009</li>
<li><a href="http://www.eweek.com/c/a/Security/Rogue-Antivirus-Operations-Thrive-in-2009-651924/">Rogue Antivirus Operations Thrive in 2009</a> -eWeek, Dec 22, 2009</li>
<li><a href="http://www.boston.com/business/technology/articles/2009/12/23/obama_names_a_cyber_security_chief/">Obama names a cyber security chief</a> - Boston Globe, Dec 22, 2009<br />
</li>
<li><a href="http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf">Verizon Business Issues 2009 Data Breach Supplemental Report Profiling 15 Most Common Attacks (32p)</a> 'Anatomy of a Data Breach' Sheds New Light on How and Why Attacks Occur <br />
<em>- Results from 600 incidents over five years make a strong case against the long-abiding and deeply held belief that insiders are behind most breaches. </em><br />
<div><em>- </em><a href="http://www.flickr.com/photos/verizonbusiness/4158917874/"><em>Top 15 threat action types </em></a><em> (Flickr link) from 2009 DBIR (page 6 of 32):<br />
</em>- Where should mitigation efforts be focused?<br />
<em> a. Ensure essential controls are met.<br />
b. Find, track, and assess data.<br />
c. Collect and monitor event logs.<br />
d. Audit user accounts and credentials.<br />
e. Test and review web applications.</em><br />
</div><br />
</li>
</ul><ul><li><a href="http://www.eweek.com/c/a/Security/Top-Security-Stories-of-2009-725639/">Top Security Stories of 2009</a> - eWeek, Dec 28, 2009<br />
1. <span style="color: red;"><span style="color: #cc0000;">Conficker Countdown</span></span>, see <a href="http://www.cbsnews.com/video/watch/?id=4908267n&tag=contentMain;contentBody">"The Internet is Infected" - 60 Minutes - April 2009</a><br />
2. Cyber Security Coordinator (Czar)<br />
3. Gonzalez and His Gang Taken Down (huge takedown!)<br />
4. Social Networking and You (organizations, regulators wrestle with privacy, security issues)<br />
5. Apple iPhone Security Woes (Dutch teenager discovery leads to worm attacking jailbroken phones)<br />
6. Hacktivists Stay Busy (Twitter redirection to Iranian cyber army, DDoS attacks, etc)<br />
7. <span style="color: #cc0000;">Electric Grid Lights Out</span> (hacker spies causing power outages, infiltrating national defenses) see <a href="http://www.cbsnews.com/video/watch/?id=5578986n&tag=related;photovideo">"Sabotaging The System" - 60 Minutes - Nov 2009</a><br />
8. F-35 Fighter Plans Hijacked by Hackers<br />
</li>
<li><a href="http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/trend_micro_2010_future_threat_report_final.pdf">The Future of Threats and Threat Technologies: How the Landscape is Changing (24 p)</a> TrendMicro, Dec 2009<em>- Several threat area predictions that came true in 2009:<br />
</em>- Social networking sites will grow as targets;<br />
- Social engineering will become increasingly prevalent and clever.<br />
- Unlike the global economy, the underground economy will continue to flourish.<br />
<strong><br />
More: <a href="http://thisweekinsecurity.blogspot.com/2009/01/cyber-security-happly-new-year-2009.html">Perspective One Year Ago</a><br />
</strong><br />
</li>
</ul><strong><span style="color: #990000;"><u>2010 and Beyond Predictions</u> </span><em><span style="color: #000099;">- more hot stories and list of lists.</span></em></strong><br />
<br />
<ul><li><a href="http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/trend_micro_2010_future_threat_report_final.pdf">The Future of Threats and Threat Technologies: How the Landscape is Changing (24 p)</a> TrendMicro, Dec 2009<br />
- No global outbreaks, but localized and targeted attacks.<br />
- It’s all about money, so cybercrime will not go away.<br />
- Windows 7 will have an impact since it is less secure than Vista in the default configuration.<br />
- Risk mitigation is not as viable an option anymore—even with alternative browsers/OSs<br />
- Malware is changing its shape—every few hours.<br />
- Drive-by infections are the norm—one Web visit is enough to get infected.<br />
- New attack vectors will arise for virtualized/cloud environments.<br />
- Bots cannot be stopped anymore, and will be around forever.<br />
- Company/Social networks will continue to be shaken by data breaches.</li>
</ul><br />
<ul><li><a href="http://risky.biz/RB137">Risky Business #137 -- Year in review special!</a> - Patrick Gray, Dec 2009 (<a href="http://risky.biz/news_and_opinion">news and opinion</a>)<br />
<br />
<br />
<strong>More: </strong><a href="http://thisweekinsecurity.blogspot.com/2009/01/cyber-security-happly-new-year-2009.html"><strong>Predictions One Year Ago</strong></a> <br />
<br />
</li>
</ul>Orlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-63507232636677880572009-12-25T22:38:00.030-06:002011-11-24T00:18:00.832-06:00Cloud Security FUD Addressed with Executive Overview- guidance and news as 2009 comes to a close<span style="color: rgb(51, 51, 255);">(Updated 11/24/2011)</span><br /><br />Cloud computing technology and solutions hit many critical infrastructure organizations head on in 2009, transitioning from being a vague concept to a must-have, at times mandated, in-house technology for many, a.k.a. private clouds. During this time, vendor offerings hosted in public cloud settings increasingly also provided quick start, low cost, and flexibility with extensive integration options, without much of the extra lifting and hassle of running all the footprint requirements in-house. While some state that clear cloud security standards are still years off, the reality is we're already well into the realm of having to deal with public and private cloud security issues, especially at the business network level. <p>The following provides a good executive thumbnail of what decision makers need to understand in addition to the latest in more specific guidance for secure cloud computing:<br /></p><ul><li><a href="http://virtualization.sys-con.com/node/1230998">The Busy Executive’s Quick Cloud Computing Reference Guide</a> - <span class="blsp-spelling-error" id="SPELLING_ERROR_0">Virtualization</span> Journal Dec 2009 <em>— As an executive, you may be hearing many different viewpoints about Cloud Computing; some of them promising significant IT cost reductions and reductions in capital expenditures. Don't get caught off guard regarding all the technical complexities of developing and offering Cloud Computing services, the whole reason you're considering this option is so others will take care of these factors for you. 
Although you still need to be an educated consumer, you don't need to be in the weeds to ensure you're not caught with your pants around your ankles if you decide to use Cloud Computing services.</em></li><p></p><li><a href="http://www.cloudsecurityalliance.org/csaguide.pdf">Guidance for Critical Areas of Focus in Cloud Computing- Version 2.1 - Dec 2009 (76 pages)</a>. The <a href="http://www.cloudsecurityalliance.org/">Cloud Security Alliance (<span class="blsp-spelling-error" id="SPELLING_ERROR_1">CSA</span>)</a> newly released second version of guidance for secure adoption of cloud computing services provides more details with a good overview, addressing risks and timing, and helps simplify the decision process involved. This non-profit released their first version during the <a href="https://365.rsaconference.com/community/connect/rsa-conference-usa-2009?view=overview">2009 <span class="blsp-spelling-error" id="SPELLING_ERROR_2">RSA</span> Conference</a>. <br /><em><b>Excerpt-</b> It is hard to believe that just seven short months ago, we pulled together a diverse group of individuals from all corners of the technology industry to publish the first “Security Guidance for Critical Areas in Cloud Computing.” Since its launch, this seminal publication has continued to exceed our expectations for helping organizations around the world make informed decisions regarding if, when, and how they will adopt Cloud Computing services and technologies. But over those seven months our knowledge, and cloud computing technologies, have evolved at an astounding rate. 
This second version is designed to provide both new knowledge and greater depth to support these challenging decisions.<br /><br /><span style="color: rgb(51, 51, 255); font-weight: bold;">11/24/2011 Update</span></em></li><li><span style="color: rgb(51, 51, 255);">The </span><a style="color: rgb(51, 51, 255);" href="http://www.cloudsecurityalliance.org/">Cloud Security Alliance (<span class="blsp-spelling-error" id="SPELLING_ERROR_1">CSA</span>)</a><span style="color: rgb(51, 51, 255);"> </span><a style="color: rgb(51, 51, 255);" href="https://cloudsecurityalliance.org/research/initiatives/security-guidance/">released Security Considerations for Critical Areas of Cloud Computing- Version 3</a><span style="color: rgb(51, 51, 255);">, 11/14/2011</span><br /><em><span style="font-weight: bold;"></span><br /></em></li><p></p><li><a href="http://csrc.nist.gov/groups/SNS/cloud-computing/"><span class="blsp-spelling-error" id="SPELLING_ERROR_3">NIST</span> Cloud Computing Project Site</a>. <span class="blsp-spelling-error" id="SPELLING_ERROR_4">NIST's</span> role in cloud computing is to promote the effective and secure use of the technology within government and industry by providing technical guidance and promoting standards. </li></ul>Of course, the devil is in the details, which vendors are working feverishly to address and differentiate on. Microsoft's cloud undergoes annual audits for <span class="blsp-spelling-error" id="SPELLING_ERROR_5">PCI</span> <span class="blsp-spelling-error" id="SPELLING_ERROR_6">DSS</span>, <span class="blsp-spelling-error" id="SPELLING_ERROR_7">SOX</span>, and <span class="blsp-spelling-error" id="SPELLING_ERROR_8">HIPAA</span> compliance, as well as internal assessments throughout the year. 
Remarkably, the Microsoft cloud has also obtained ISO/<span class="blsp-spelling-error" id="SPELLING_ERROR_9">IEC</span> 27001:2005 certification (this year) in addition to <span class="blsp-spelling-error" id="SPELLING_ERROR_10">SAS</span> 70 Type I and II attestations. <em>ISO 27001 (formerly ISO 17799) remains one of the best information security standards available - a superset when compared with other standards (<a href="http://blogs.msdn.com/uspublicsector/archive/2009/10/14/secure-the-datacenter-secure-the-cloud.aspx">more</a>). </em>Microsoft's <a href="http://www.microsoft.com/windowsazure/">Azure</a>-branded public cloud computing platform, long in development, is set to go live on New Year's Day. Plans include expanding the new technology into customer settings.<em> </em><br /><br />At a technology execution level, the release of <span class="blsp-spelling-error" id="SPELLING_ERROR_11">vSphere</span> in early 2009 extended <span class="blsp-spelling-error" id="SPELLING_ERROR_12">VMware's</span> lead with significant performance, features, and security improvements - a game changer - which includes robust <a href="http://blogs.vmware.com/networking/2009/12/cisco-nexus-1000v-r12-for-vsphere-4-released.html"><span class="blsp-spelling-error" id="SPELLING_ERROR_13">Cisco</span> Nexus 1000V </a>software appliance support. Regardless of the technology mix deployed, many organizations are coming to grips with <span class="blsp-spelling-error" id="SPELLING_ERROR_14">virtualization's</span> broader implications and working to spin up capabilities while the technology race presses on.<br /><br /><strong><u>Bottom Line for Critical Infrastructure</u></strong>. The implications go well beyond the basic <span class="blsp-spelling-error" id="SPELLING_ERROR_15">virtualization</span> strategy of seeking tactical operational benefits with fewer physical servers and more virtual servers. 
For even the most critical infrastructure settings, private cloud (aka virtualization) computing is increasingly a must have for any new large investments going forward. The cloud technology benefits are compelling (fault tolerance, hot recovery, managing growing functional and regulatory complexity, layering defenses, etc) even while introducing its own complexity and risks to manage. The future will have layered information landscapes, and underlying systems, networks, and storage increasingly <span class="blsp-spelling-error" id="SPELLING_ERROR_16">virtualized</span> and extending deeper into and well beyond the comfort zone of today's typical organizational and outsourcing boundaries.<br /><br /><strong>More:</strong><br /><ol><li><a href="http://www.infoworld.com/d/cloud-computing/five-big-questions-about-cloud-computing-814?source=IFWNLE_nlt_cloud_2009-12-28">Five big Questions about cloud computing, InfoWorld, Dec 28, 2009</a></li><li><a href="http://blogs.msdn.com/uspublicsector/archive/2009/10/14/secure-the-datacenter-secure-the-cloud.aspx">Secure the Datacenter, Secure the Cloud - Microsoft Federal Blog, Oct 2009</a></li><li><a href="http://akamai.infoworld.com/sites/infoworld.com/files/pdf/infoworld_cloudcomputing_premium.pdf">Cloud Computing Deep Dive Special Report (21 pages)- <span class="blsp-spelling-error" id="SPELLING_ERROR_18">InfoWorld</span>, Dec 2009 </a></li><li><a href="http://www.isaca.org/cloud">Cloud Computing: Business Benefits with Security, Governance and Assurance Perspectives (10 pages)- <span class="blsp-spelling-error" id="SPELLING_ERROR_19">ISACA</span>,<em> Emerging Technology White Paper & more</em>, Oct 2009 </a></li><li><a 
href="http://www.microsoft.com/events/podcasts/default.aspx?topic=Topic-e1a84e52-b637-4385-9260-2f14fe077c07&audience=Audience-b046181f-3333-4c19-977e-c230ed48d9c0&seriesID=Series-0f616e6e-59b3-4ed4-bc66-b1edd7522b72.xml&pageId=x5385&source=Windows-Server-Podcasts-about-Managing-a-Microsoft-Infrastructure:-Improve-Reliability-and-Performance--for-IT-Professionals">Microsoft Thrive Live! IT Professional <span class="blsp-spelling-error" id="SPELLING_ERROR_20">Virtualization</span> Tour Podcast</a></li><li><a href="http://www.vmware.com/technical-resources/podcasts/vsphere.html"><span class="blsp-spelling-error" id="SPELLING_ERROR_21">VMWare</span> <span class="blsp-spelling-error" id="SPELLING_ERROR_22">vSphere</span> <span class="blsp-spelling-error" id="SPELLING_ERROR_23">Podcasts</span> Series</a> & <a href="http://www.youtube.com/user/vmwaretv">YouTube <span class="blsp-spelling-error" id="SPELLING_ERROR_24">VMwareTV</span> Channel</a></li><li><a href="http://www.infoworld.com/d/cloud-computing/five-big-questions-about-cloud-computing-814?source=IFWNLE_nlt_cloud_2009-12-28">Cloud Computing Grows Up - Forbes, Dec 22, 2009</a></li><li><a href="http://www.informationweek.com/cloud-computing/">Plug Into the Cloud- InformationWeek's Cloud Computing Destination</a> - perspective, hot topics</li></ol><blockquote></blockquote>Orlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-33468402444599976552009-10-18T23:00:00.005-05:002011-08-23T21:20:59.287-05:00FERC Hammers Florida Power & Light Co with $25M Civil Penalty - $5M to go above and beyond current regulatory requirementsOn Oct 8<span id="SPELLING_ERROR_0" class="blsp-spelling-error">th</span>, <a href="http://www.fpl.com/">Florida Power & Light (<span id="SPELLING_ERROR_1" class="blsp-spelling-error">FPL</span>)</a> agreed to pay a $25 million penalty after blunders by a field engineer led to a service outage affecting nearly a 
million customers - i.e. <a href="http://www.time.com/time/nation/article/0,8599,1717878,00.html">2008 Florida Blackout</a>.
<br />
<br />This marks the first settlement resulting from a reliability investigation by the <a href="http://www.ferc.gov/">Federal Energy Regulatory Commission (<span id="SPELLING_ERROR_2" class="blsp-spelling-error">FERC</span>)</a> enforcing a 2005 law establishing electric reliability standards. This fine won't be going to customers. Instead, <span id="SPELLING_ERROR_3" class="blsp-spelling-error">FPL,</span> facing a potential of $1B+ in fines, agreed to pay $10M to the United States Treasury and $10M to the <a href="http://www.nerc.com/">North American Electric Reliability Corp. (<span id="SPELLING_ERROR_4" class="blsp-spelling-error">NERC</span>)</a>. The remaining $5 million is to go towards measures <em>beyond</em> current reliability requirements in a <span id="SPELLING_ERROR_5" class="blsp-spelling-error">regulatorily</span> approved manner- <em>otherwise, whatever remains of the last $5M will be evenly split between US Treasury and <span id="SPELLING_ERROR_6" class="blsp-spelling-error">NERC</span>.</em>
<br />
<br /><ul><li>"Today's settlement demonstrates the high priority the commission places on electric reliability," said Norman Bay, director of the commission's Office of Enforcement. "The message to the industry is clear: Compliance with the standards is critical." </li></ul><strong><u>Holy smokes</u>!</strong> This <a href="http://www.ferc.gov/EventCalendar/Files/20091008102212-IN08-5-0001.pdf">civil settlement</a> clearly marks the end of wrist slaps for reliability violations with a whole new level of realizable penalties. It's also worth emphasizing that <span id="SPELLING_ERROR_7" class="blsp-spelling-error">NERC</span> <span id="SPELLING_ERROR_8" class="blsp-spelling-error">CIPs</span> <span id="SPELLING_ERROR_9" class="blsp-spelling-error">cyber</span> security focus represents just one of <em>fourteen </em>reliability groupings in current <a href="http://www.nerc.com/page.php?cid=220"><span id="SPELLING_ERROR_10" class="blsp-spelling-error">NERC</span> Reliability Standards</a>. The process of reaching this settlement clarifies how <span id="SPELLING_ERROR_11" class="blsp-spelling-error">FERC</span> will increasingly be taking a very active role in industry reliability investigations going forward. Industry compliance programs will need to be reviewed and appropriately bolstered to help ensure sufficient program measures are defined and being maintained. The <span id="SPELLING_ERROR_12" class="blsp-spelling-corrected">settlement</span> also speaks to the need for continuous improvement efforts by industry aiming well beyond meeting today's reliability requirements- i.e. increasing regulatory margin. <em>Increasingly akin to commercial nuclear regulatory challenges and supporting programs- with heavy doses of auditable evidence required.
<br /></em>
<br />More:
<br /><ul><li><em>October 8, 2009 - <span id="SPELLING_ERROR_13" class="blsp-spelling-error">FERC</span> approves settlement, $25 million fine for <span id="SPELLING_ERROR_14" class="blsp-spelling-error">FPL's</span> 2008 Blackout <a href="http://www.ferc.gov/news/news-releases/2009/2009-4/10-08-09.asp">News Release</a> <a href="http://www.ferc.gov/EventCalendar/Files/20091008102212-IN08-5-0001.pdf">Decision</a> - <span id="SPELLING_ERROR_15" class="blsp-spelling-error">ferc</span>.gov</em></li><li><em><a href="http://www.miamiherald.com/news/southflorida/story/1273730.html" target="_self"><span id="SPELLING_ERROR_16" class="blsp-spelling-error">FPL</span> to pay $25M for blackout blunder</a> – Miami Herald (Oct 8, 2009)</em></li><li><em><a href="http://weblogs.sun-sentinel.com/business/realestate/housekeys/blog/2009/01/fpl_could_face_more_than_25_mi.html"><span id="SPELLING_ERROR_17" class="blsp-spelling-error">FPL</span> could face $1 billion in fines</a> – <span id="SPELLING_ERROR_18" class="blsp-spelling-error">SunSentinel</span>.com, (Jan 28, 2009) </em></li><li><em><strong>Interesting - </strong><a href="http://dl.dropbox.com/u/1712646/Upd-1_FPL-20080229.mp3"><span id="SPELLING_ERROR_19" class="blsp-spelling-error">FPL</span> Conference Call with Major Media- Preliminary Investigation Results (Audio ~45m)</a> - (Feb 29, 2009) - from <span id="SPELLING_ERROR_20" class="blsp-spelling-error">FPL</span> 2008 website posting. 
(<span style="color:#990000;">updated link- 8/2011</span>)</em></li></ul>Orlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-92066908217323531712009-10-04T21:14:00.012-05:002010-11-26T00:04:46.593-06:00Striking the Right Balance: MS Windows Screensaver Locking - AutoIt: A Potential Cure for Headaches<strong><span style="color: rgb(255, 0, 0);"><span style="color: rgb(0, 0, 153);font-size:78%;" ><u>Updated 11-16-2010</u></span> </span><br /></strong>While there have been plenty of higher-stakes <span class="blsp-spelling-error" id="SPELLING_ERROR_0"><span class="blsp-spelling-error" id="SPELLING_ERROR_0">cyber</span></span> security challenges dominating my team's attention lately, I stumbled on an interesting approach to address an issue many organizations wrestle with.<br /><br />The basic, consistent implementation of automatic locking Microsoft Windows PC screen savers, requiring password entry for access after a period of inactivity, poses a number of challenges. At least Microsoft's Active Directory (w/Group Policy Objects) makes implementation technically manageable. However, areas taking issue with implementing a required inactivity lockout often only have occasional legitimate business needs that are not suitable for a full exception. For example, personnel may give presentations and not want disruptions; others may burn DVDs, view network traffic in a locked room, or occasionally engage in other unique activities where there is less interactive PC use- making realistic automatic screen locking burdensome.<br /><br />To help address this issue, we've been looking at several "Egg Timer" type PC utilities to provide the means of temporary relief when merited so we can pursue a more consistent implementation of mandatory inactivity screen saver lockout technical policy measures company-wide. 
One particular commercial offering has not yet gone to a new release (that we've been waiting on since 4Q2008) with expected pricing of $10-$20 per PC plus annual maintenance.<br /><br />Alternatively, a very interesting, freeware scripting and compilation tool called <a href="http://www.autoitscript.com/autoit3/"><span class="blsp-spelling-error" id="SPELLING_ERROR_1"><span class="blsp-spelling-error" id="SPELLING_ERROR_1" style="color: rgb(0, 0, 153);"><strong>AutoIt</strong></span></span></a> has been available and improving for years. I haven't coded seriously in a long time and wasn't aware of this tool or its capabilities until recently. Surprisingly, the tool and associated slick editor along with lots of <a href="http://www.xipher.dk/WordPress/?tag=autoit"><span style="color: rgb(0, 0, 153);">sample code</span></a> and a large community of users together helped rapidly put me at ease. Although I didn't have much time available over the weekend, I plunged ahead anyway and developed a "Beta" solution for review and feedback. <span style="color: rgb(0, 0, 153);">The <span class="blsp-spelling-error" id="SPELLING_ERROR_2"><span class="blsp-spelling-error" id="SPELLING_ERROR_2">CDS</span></span> utility developed since with </span><a href="http://www.autoitscript.com/autoit3/"><span class="blsp-spelling-error" id="SPELLING_ERROR_3"><span class="blsp-spelling-error" id="SPELLING_ERROR_3" style="color: rgb(0, 0, 153);"><strong>AutoIt</strong></span></span></a><span style="color: rgb(0, 0, 153);"> seems to do pretty much what we need and compiles into a reasonably small, single executable file that can just be dropped on the menu or just the desktop - <em>sweet</em>. 
The latest version supports use of Active Directory groups to authorize specific systems and logs user startup, activation, and exit events (user, timeout) of CDS to the local Windows Application event log and a designated central logging server (if assigned and available).<br /></span><br />This excursion is aimed at saving us some hard cash - a good thing in tough times - while also helping make the consistent implementation of screen saver technical controls easier to live with for all involved. Additionally, the sheer ease of using <a href="http://www.autoitscript.com/autoit3/"><span class="blsp-spelling-error" id="SPELLING_ERROR_4"><span class="blsp-spelling-error" id="SPELLING_ERROR_4" style="color: rgb(0, 0, 153);"><strong>AutoIt</strong></span></span></a> underscores how open source-like technology tools are continuing to develop <em>so even the free stuff can be the very good stuff</em>.<br /><br /><u><strong><span style="color: rgb(204, 0, 0);"><span style="font-size:85%;">Updated 11-16-2010</span> </span></strong></u><br /><span style="color: rgb(51, 51, 153);">A <a href="http://www.sourceforge.org/">SourceForge</a> open source edition of the Corporate Delay Screensaver (CDS) utility - CDS-v100-Open- is now available for download with commented source code, use documentation, and an example AutoIT complied executable at </span><a href="http://coporatedelaysc.sourceforge.net/"><!--[if gte mso 9]><xml> <w:worddocument> <w:view>Normal</w:View> <w:zoom>0</w:Zoom> <w:trackmoves/> <w:trackformatting/> <w:punctuationkerning/> <w:validateagainstschemas/> <w:saveifxmlinvalid>false</w:SaveIfXMLInvalid> <w:ignoremixedcontent>false</w:IgnoreMixedContent> <w:alwaysshowplaceholdertext>false</w:AlwaysShowPlaceholderText> <w:donotpromoteqf/> <w:lidthemeother>EN-US</w:LidThemeOther> <w:lidthemeasian>X-NONE</w:LidThemeAsian> <w:lidthemecomplexscript>X-NONE</w:LidThemeComplexScript> <w:compatibility> <w:breakwrappedtables/> <w:snaptogridincell/> <w:wraptextwithpunct/> 
<w:useasianbreakrules/> <w:dontgrowautofit/> <w:splitpgbreakandparamark/> <w:dontvertaligncellwithsp/> <w:dontbreakconstrainedforcedtables/> <w:dontvertalignintxbx/> <w:word11kerningpairs/> <w:cachedcolbalance/> </w:Compatibility> <m:mathpr> <m:mathfont val="Cambria Math"> <m:brkbin val="before"> <m:brkbinsub val="--"> <m:smallfrac val="off"> <m:dispdef/> <m:lmargin val="0"> <m:rmargin val="0"> <m:defjc val="centerGroup"> <m:wrapindent val="1440"> <m:intlim val="subSup"> <m:narylim val="undOvr"> </m:mathPr></w:WordDocument> </xml><![endif]--><!--[if gte mso 9]><xml> <w:latentstyles deflockedstate="false" defunhidewhenused="true" defsemihidden="true" defqformat="false" defpriority="99" latentstylecount="267"> <w:lsdexception locked="false" priority="0" semihidden="false" unhidewhenused="false" qformat="true" name="Normal"> <w:lsdexception locked="false" priority="9" semihidden="false" unhidewhenused="false" qformat="true" name="heading 1"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 2"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 3"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 4"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 5"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 6"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 7"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 8"> <w:lsdexception locked="false" priority="9" qformat="true" name="heading 9"> <w:lsdexception locked="false" priority="39" name="toc 1"> <w:lsdexception locked="false" priority="39" name="toc 2"> <w:lsdexception locked="false" priority="39" name="toc 3"> <w:lsdexception locked="false" priority="39" name="toc 4"> <w:lsdexception locked="false" priority="39" name="toc 5"> <w:lsdexception locked="false" priority="39" name="toc 6"> <w:lsdexception locked="false" priority="39" name="toc 7"> <w:lsdexception 
locked="false" priority="39" name="toc 8"> <w:lsdexception locked="false" priority="39" name="toc 9"> <w:lsdexception locked="false" priority="35" qformat="true" name="caption"> <w:lsdexception locked="false" priority="10" semihidden="false" unhidewhenused="false" qformat="true" name="Title"> <w:lsdexception locked="false" priority="1" name="Default Paragraph Font"> <w:lsdexception locked="false" priority="11" semihidden="false" unhidewhenused="false" qformat="true" name="Subtitle"> <w:lsdexception locked="false" priority="22" semihidden="false" unhidewhenused="false" qformat="true" name="Strong"> <w:lsdexception locked="false" priority="20" semihidden="false" unhidewhenused="false" qformat="true" name="Emphasis"> <w:lsdexception locked="false" priority="59" semihidden="false" unhidewhenused="false" name="Table Grid"> <w:lsdexception locked="false" unhidewhenused="false" name="Placeholder Text"> <w:lsdexception locked="false" priority="1" semihidden="false" unhidewhenused="false" qformat="true" name="No Spacing"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" 
name="Medium Grid 2"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 1"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 1"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 1"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 1"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 1"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 1"> <w:lsdexception locked="false" unhidewhenused="false" name="Revision"> <w:lsdexception locked="false" priority="34" semihidden="false" unhidewhenused="false" qformat="true" name="List Paragraph"> <w:lsdexception locked="false" priority="29" semihidden="false" unhidewhenused="false" qformat="true" name="Quote"> <w:lsdexception locked="false" priority="30" semihidden="false" unhidewhenused="false" qformat="true" name="Intense Quote"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 1"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 1"> <w:lsdexception locked="false" priority="68" 
semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 1"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 1"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 1"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 1"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 1"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 1"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 2"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 2"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 2"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 2"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 2"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 2"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 2"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 2"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 2"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 2"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 2"> <w:lsdexception locked="false" 
priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 2"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 2"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 2"> <w:lsdexception locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 3"> <w:lsdexception locked="false" priority="61" semihidden="false" unhidewhenused="false" name="Light List Accent 3"> <w:lsdexception locked="false" priority="62" semihidden="false" unhidewhenused="false" name="Light Grid Accent 3"> <w:lsdexception locked="false" priority="63" semihidden="false" unhidewhenused="false" name="Medium Shading 1 Accent 3"> <w:lsdexception locked="false" priority="64" semihidden="false" unhidewhenused="false" name="Medium Shading 2 Accent 3"> <w:lsdexception locked="false" priority="65" semihidden="false" unhidewhenused="false" name="Medium List 1 Accent 3"> <w:lsdexception locked="false" priority="66" semihidden="false" unhidewhenused="false" name="Medium List 2 Accent 3"> <w:lsdexception locked="false" priority="67" semihidden="false" unhidewhenused="false" name="Medium Grid 1 Accent 3"> <w:lsdexception locked="false" priority="68" semihidden="false" unhidewhenused="false" name="Medium Grid 2 Accent 3"> <w:lsdexception locked="false" priority="69" semihidden="false" unhidewhenused="false" name="Medium Grid 3 Accent 3"> <w:lsdexception locked="false" priority="70" semihidden="false" unhidewhenused="false" name="Dark List Accent 3"> <w:lsdexception locked="false" priority="71" semihidden="false" unhidewhenused="false" name="Colorful Shading Accent 3"> <w:lsdexception locked="false" priority="72" semihidden="false" unhidewhenused="false" name="Colorful List Accent 3"> <w:lsdexception locked="false" priority="73" semihidden="false" unhidewhenused="false" name="Colorful Grid Accent 3"> <w:lsdexception 
locked="false" priority="60" semihidden="false" unhidewhenused="false" name="Light Shading Accent 4">
</w:LatentStyles> </xml><![endif]--> </a><ul><li><a href="http://corpdelayscnsvr.sourceforge.net/">http://corpdelayscnsvr.sourceforge.net</a></li></ul>Orlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-83722660404441330512009-08-08T12:28:00.001-05:002009-09-06T08:32:21.127-05:00BlackHat Smartgrid Worm Attack Simulation - Aug 27th Live Webcast: Smart Grid Device Security - Mike Davis, IOActive <span style="color:#660000;"><u><span style="font-size:78%;">Updated 9-5-2009</span></u><br /></span><br />Following BlackHat 2009 in July, the archived webcast below highlights critical research that Mike Davis and other IOActive researchers performed on Smart Grid technology.<br /><br /><ul><li><a href="http://www.brighttalk.com/webcasts/5642/attend"><strong>Smart Grid Device Security - Mike Davis, IOActive 8/27 - 4-5 pm CST</strong></a> <span style="font-size:78%;"><span style="color:#660000;"><br /></span></span><span style="color:#990000;"><span style="color:#660000;">- References several video simulations of 22,000-node smart-meter worm propagation using GPS points gathered from geo-coded home addresses purchased from a bulk mailing list. Radio range and other factors are reflected once a compromised "Patient 0" meter is introduced. - </span><a href="http://www.youtube.com/watch?v=xy0vDYd22Rk"><span style="color:#660000;">Video 1</span></a>, <a href="http://www.youtube.com/watch?v=kc_ijB7VPd8"><span style="color:#660000;">Video 2</span></a>, <a href="http://www.youtube.com/watch?v=gEzg1K-T9nA"><span style="color:#660000;">Video 3</span></a><br />- BrightTALK.com registration required. </span></li></ul><p>Davis and other IOActive researchers developed proof-of-concept malicious code that self-propagated in a peer-to-peer fashion from one meter to the next as part of their effort to identify Smart Grid cyber security risks and threats. 
The webcast also addresses this attack simulation and the Smart Grid vulnerabilities discovered, such as susceptibility to buffer overflows and rootkits.<br /></p><p>As one of the top Black Hat conference presentations, this has stirred up further attention to Smart Grid cyber security just as NIST is working to stand up and plow through developing related requirements and standards on an accelerated schedule. For those who missed the Black Hat session, this recap is very informative.<br /><br /><em><u><span style="font-size:78%;color:#000099;">Update 8-20-2009<br /></span></u></em><em>Davis's </em><a href="http://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html#MDavis"><em>Recoverable Advanced Metering Infrastructure</em></a><em> presentation slides (23 pages, some thoughtful redactions) are now posted in the </em><a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#MDavis"><em>Black Hat USA 2009 Archive area</em></a><em>. 
</em></p>Orlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-69407727281072497202009-08-02T09:24:00.003-05:002013-02-01T05:33:41.407-06:00NIST on a roll with "Historic" Security Controls Guidance & SmartGrid 3rd Workshop Aug 3-4-Plus: BlackHat Smartmeter Worm Attack Simulation<u><strong>NIST SP800-53 Rev 3 is Final</strong></u><br />
The newly released, voluminous <a href="http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf">NIST SP800-53 Revision 3</a> (~40 core pages plus supporting sections, 236 pages total) delivers a unifying cyber security framework for use across governmental, civilian, and critical infrastructure entities. The focus remains establishing a solid baseline security posture across eighteen control set families. The consensus-developed <a class="l" href="http://www.sans.org/cag/guidelines.php" onmousedown="return clk(this.href,'','','res','3','')"><em>SANS Institute - 20 Critical Security Controls - Version 2.0</em></a><em> provides an updated mapping to this NIST release. </em><br />
<br />
NIST said the updated security control catalogue incorporates best practices in information security from the Department of Defense, intelligence community and civilian agencies to produce the most broad-based and comprehensive set of safeguards and countermeasures ever developed for information systems.<br />
<br />
Significant changes include:<br />
<ol>
<li>A simplified, six-step risk management framework;</li>
<li>Additional enhancements for advanced cyber threats;</li>
<li>Prioritizing or sequencing security controls during implementation or deployment;</li>
<li>New references section in revised security control structure;</li>
<li>Supplemental guidance security requirements eliminated;</li>
<li>Addresses risk management framework for legacy information systems and for external providers of information system services;</li>
<li>Current threat information and known cyber attacks factored into security control baseline updates;</li>
<li>Addresses organization-level security controls for managing information security programs;</li>
<li>Guidance on the management of common controls within organizations;</li>
<li>Strategy for harmonizing Federal Information Security Management Act security standards and guidelines with international security standard ISO/IEC 27001; and</li>
<li>Tailoring industrial control systems, including compensating controls - Appendix I.</li>
</ol>
NERC emphasized ISO/IEC 27001 (aka ISO 17799) with the introduction of CIPs and 40+ security requirements; this major enhancement to SP 800-53 should help towards NERC CIPs getting even more NISTy.<br />
<u><strong>NIST SmartGrid Workshop - Aug 3rd-4th</strong></u><br />
Third major NIST Smart Grid workshop - web/teleconference options:<br />
<em>A key objective of the public workshop is to engage standards development organizations (SDOs) in addressing standards-related priorities. Sessions will be devoted to discussing individual SDO perspectives on the evolving roadmap for Smart Grid interoperability standards, reaching agreement on which organizations should resolve specific standards needs, and developing plans and setting timelines for meeting these responsibilities.</em><br />
<ul>
<li><a href="http://collaborate.nist.gov/twiki-sggrid/bin/view/_SmartGridInterimRoadmap/SmartGridStandardsWorkshop">Webcast information will be posted on this link before the first session begins</a> (<a href="http://www.nist.gov/smartgrid/">more</a>). Agenda worth checking out, e.g. Tuesday – Cyber Security Strategy - 8am start (CST); workshop wrap-up Tuesday PM includes report out from multiple topic tracks.</li>
</ul>
<u><strong>Smart Meter Worm Could Spread Like A Virus</strong></u> - Black Hat Presentation.<br />
At Black Hat last week, <a href="http://www.ioactive.com/services/scada-smart-grid.php">IOActive’s</a> Mike Davis and team created a simulation demonstrating how, over a period of 24 hours, about 15,000 out of 22,000 homes had their smart meters taken over by a software worm that placed the devices under the control of the worm’s designers. More: <a href="http://earth2tech.com/2009/07/31/smart-meter-worm-could-spread-like-a-virus/">Smart Meter Worm Could Spread Like A Virus</a> <br />
<em>Some speculation-</em> the simulation likely focused on a single managed smart grid environment (not across multiple, independent smart-grid settings). The meter manufacturer reportedly first dismissed the claims until they were proven. The vulnerabilities are similar to what happens when computers are linked over the Internet. By exploiting weaknesses in the way computers talk to each other, hacker-designed attacks can seize control. The <a href="http://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html#MDavis">Recoverable Advanced Metering Infrastructure</a> presentation information is not posted yet in the <a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html">Black Hat USA 2009 Archive area</a>. <br />
<br />
<a href="http://www.blackhat.com/">Black Hat</a> and <a href="http://www.defcon.org/">Defcon</a> draw some of the best talent around to crack security, e.g. <a href="http://www.pcworld.com/article/169370/black_hat_researchers_find_free_parking_in_san_francisco.html">Black Hat Researchers Find 'Free' Parking in San Francisco</a> and <a href="http://news.google.com/news?q=blackhat%20hacking&sourceid=ie7&rls=com.microsoft:en-US&oe=utf8&um=1&ie=UTF-8&sa=N&hl=en&tab=wn">more news</a>.Orlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-51883072289207712672009-07-26T22:50:00.000-05:002009-08-10T18:34:23.511-05:00Securing the Modern Electric Grid from Physical and Cyber Attacks - Homeland Security Committee Hearing 7/21/2009The Homeland Security Committee hearing <a href="http://homeland.house.gov/hearings/index.asp?ID=206">“<span style="color:#000099;"><strong>Securing the Modern Electric Grid from Physical and Cyber Attacks</strong></span>”</a> on 7/21/2009 provided solid industry perspective on improving cyber security. Additionally, serious committee attention is now also focusing on the growing risk of physical damage from <a href="http://en.wikipedia.org/wiki/Electromagnetic_pulse"><span style="color:#000099;">EMP (Electromagnetic Pulse)</span></a> threats. 
An EMP attack, using one or several high-altitude nuclear detonations, risks taking out all digital and electrical infrastructure across wide swaths of North America. The EMP threat is not new; however, there is growing risk of a deliberate attack from either a rogue group or a nation-sponsored effort, <em>e.g. Iran sea-based delivery testing for such a device with high-altitude explosion</em>. Our vulnerability to this issue serves to increase risk. EMP is a national security issue long overdue for realistic mitigation - there is a need to get beyond just studying the issue. Congress sees the potential consequences from the EMP threat as unacceptable and the cost to substantially mitigate as reasonable, and is challenging industry to get after EMP risk mitigation.<br /><ul><li><strong>Mr. Fabro</strong>, from <a href="http://www.loftyperch.com/"><span style="color:#000099;">Lofty Perch</span></a>, helped bolster the perspective that industry is substantially improving cyber security, offering good technical, constructive views, recommendations and responses to congressional Q&A. 
<p></p></li><li>NERC’s CSO Mr. Assante emphasized progress since joining NERC in September of 2008, e.g. cyber event reporting, communicating more effectively with 1800+ entities, and improving analysis of threats and industry alerting. He also clearly stated the grid is not immune to cyber or physical threats, and more will be done with industry engaged, factoring NIST into further CIPs development. NERC also still views a need for more FERC authority to better address the risk of immediate, severe threats in a timely manner. 
<p></p></li><li>Some committee members remain very skeptical about industry treating cyber security seriously, emphasizing concerns about being lied to by industry and lack of progress. Now questions are also focusing on what industry is really doing about the <a href="http://en.wikipedia.org/wiki/Electromagnetic_pulse"><span style="color:#000099;">EMP threat</span></a> - whether from a premeditated attack or natural in origin, e.g. <a href="http://en.wikipedia.org/wiki/Solar_storm"><span style="color:#000099;">solar storms</span></a>. <em>Nothing<strong>?</strong></em><strong><br /></strong><em>- <strong>Rep. Bill Pascrell, Jr.’s</strong> (from NJ) plainly spoken, eviscerating comments and questions provide an instructive example of some hardball congressional Q&A (jump to about <strong>1:16:05</strong> in <a href="http://homeland.edgeboss.net/wmedia/homeland/chs/elecgrid.wvx"><span style="color:#000099;">recorded hearing</span></a>)</em> <p></p></li><li>NERC, working with DOE, formed a special invitation-only group July 2nd to further look at high impact, low probability, or better stated - low frequency, events (EMP, solar weather, terrorism, etc.)<br /><br /><u>More</u>:<br />- <a href="http://www.washingtontimes.com/news/2009/jul/20/an-avoidable-catastrophe/?feat=home_commentary"><span style="color:#000099;"><strong>An avoidable catastrophe</strong></span></a> – Opinion Commentary – Washington Times 7/20/2009<br />- <a href="http://www.empcommission.org/docs/A2473-EMP_Commission-7MB.pdf"><span style="color:#000099;"><strong>Report of the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack</strong></span></a>, April 2008 (208 pages) <em>- Well organized update to the 2004 report, walks through key scenarios and consequences.</em></li></ul>Orlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-15336186555070401742009-04-15T22:09:00.000-05:002009-04-16T07:55:39.136-05:00Yes- Omaha's Infotec09 Rocked !After taking a year off and regrouping, <a href="http://www.infotec.org/"><span style="color:#000099;"><strong>Infotec09</strong></span></a> April 14-<span style="color:#000000;">15, 2009 <strong>rocked.</strong><br /></span><br />This bargain conference offered excellent keynotes, including Erik Wahl's phenomenal opening "Art of Vision" message (<a href="http://www.theartofvision.com/"><span style="color:#000099;">website</span></a>), and a broad set of innovation-themed tracks addressing security, infrastructure, collaboration, leadership, culture and more. There were plenty of excellent, oft-published speakers and industry leaders - one of my favorites being the pragmatic, candid security leadership guru <a href="http://securityincite.com/"><span style="color:#000099;">Mike Rothman</span></a>. Also well represented, a <a href="http://www.infotec.org/sponsors.aspx"><span style="color:#000099;">sponsor mix</span></a> across a wide solution space of products and services. It was also great seeing some folks I haven't seen in a while, catching up and talking shop, and making new contacts.<br /><br /><span style="color:#000099;"><a href="http://www.infotec.org/"><strong>Infotec's</strong></a></span> solid comeback with an unofficial 600+ reportedly attending this week at <a href="http://en.wikipedia.org/wiki/Qwest_Center_Omaha"><span style="color:#000099;">Qwest Center Omaha</span></a> made its mark - a success to build on, bolstered with online and informative<span style="color:#000099;"> </span><a href="http://www.infotec.org/sessions.aspx"><span style="color:#000099;">session</span></a> <a href="http://blog.infotec.org/"><span style="color:#000099;"><strong>blog summaries w/slides</strong></span></a>.Orlando 
Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-42897131850401660872009-04-06T06:54:00.000-05:002009-04-07T23:43:17.668-05:00Feds Backing Up Rhetoric with Cybersecurity Action -plus Joe Weiss's latest testimonyLawmakers and the Obama Administration continue ratcheting up federal-level attention to private sector critical infrastructure cyber security defenses. Concurrently, with a 60-day review ordered by the Administration still underway (<a href="http://www.darkreading.com/security/government/showArticle.jhtml?articleID=215800529"><span style="color:#000099;">interim update</span></a> -3/3), the Senate is developing <strong>sweeping legislation that would </strong><a href="http://www.washingtonpost.com/wp-dyn/content/article/2009/03/31/AR2009033103684_pf.html"><span style="color:#000099;"><strong>Federalize Cybersecurity</strong></span></a>. 
Many of the proposals stem from recommendations provided within the seminal <a href="http://www.csis.org/tech/cyber/"><span style="color:#000099;">Cybersecurity for the 44th Presidency study</span></a> submitted last year by the Center for Strategic and International Studies, including:<br /><ul><li>appointing a White House cyber security "czar" with the authority to shut down government and private computer networks during a cyber-attack</li><li>charging the National Institute of Standards and Technology (<a href="http://www.nist.gov/"><span style="color:#000099;">NIST</span></a>) to establish "measurable and auditable cyber security standards" </li><li>mandating an ongoing, quadrennial review of the nation's cyber defenses</li><li>requiring licensing and certification of cyber security professionals.</li></ul><p>Also notable, <a href="http://www.nsa.gov/"><span style="color:#000099;">NSA</span></a>’s increasing role in such developments is causing growing concerns about privacy and pursuing an inherently flawed strategy by charging the organization with both ongoing intelligence gathering and an expansive new mission around national cyber defenses. 
The <a href="http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9129218"><span style="color:#000099;">resignation of Rod Beckstrom</span></a> from an executive-level cyber security federal government position underscores such concerns.</p><p><strong><u>FERC Order - Nuclear "Regulatory Gap" Update</u><em>.</em></strong><br />The Federal Energy Regulatory Commission (<a href="http://www.ferc.gov/"><span style="color:#000099;">FERC</span></a>) is pressing forward to resolve commercial nuclear cyber security jurisdictional “regulatory gap” concerns raised last year. A FERC-issued <a href="http://edocket.access.gpo.gov/2009/E9-6503.htm">“<span style="color:#000099;">clarification</span>”</a> (~17 pages; Docket No. RM06-22-000; Order No. 706-B) on March 25th addresses previously requested industry input. It also concludes with a determination insisting that the portions of a nuclear power plant not specifically addressed with tighter security program coverage in the forthcoming regulations from the Nuclear Regulatory Commission (<a href="http://www.nrc.gov/"><span style="color:#000099;">NRC</span></a>) will be required to adhere to <a href="http://www.nerc.com/page.php?cid=2"><span style="color:#000099;">NERC Critical Infrastructure Protection (CIP) Reliability Standards</span></a>. This rule became effective March 25, 2009. 
The combination of enhanced NRC requirements and the addition of FERC/NERC expectations into the mix makes addressing cyber security an even more important licensing and compliance challenge for commercial nuclear power. <em>Some good news: </em>FERC is providing implementation schedule flexibility, which will first be addressed by the Electric Reliability Organization (ERO). <a href="http://www.nerc.com/">NERC</a>, as ERO, is required to submit a related compliance filing to FERC within 180 days.</p><p><strong><u>Congressional Hearing - Latest Round on Cybersecurity w/Joe Weiss</u>.</strong><br />On Thursday, March 19, 2009, the US Senate Committee on Commerce, Science, and Transportation held a hearing titled <strong>Cybersecurity: Assessing Our Vulnerabilities and Developing an Effective Defense</strong> (<a href="http://commerce.senate.gov/public/index.cfm?FuseAction=Hearings.Hearing&Hearing_ID=d59f00d0-0ad9-41cd-bde8-b96babb08b7e"><span style="color:#000099;">webcast-<em>jump 12m to session start</em>, testimony</span></a>). Among the witnesses offering testimony was Mr. 
Joseph Weiss, a nuclear and industrial control systems (ICS) engineer, who has long been critical of most vendor, industry, and governmental/regulatory measures addressing related cyber security risks. His statement pointed out that industrial control systems have experienced at least 125 significant cyber security incidents during the past decade (<a href="http://commerce.senate.gov/public/_files/WeissTestimony.pdf"><span style="color:#000099;">written testimony</span></a>). The effects include environmental damage, mechanical damage and, in one case, death. He said that a coordinated attack could have devastating consequences, "taking months to recover." <em>(Editorial note: Potential physical and other electronic systemic attacks yet to be substantively experienced remain a noteworthy risk with conceivably even lengthier recovery periods.) </em><strong>Worth watching</strong>, as each of the witnesses backed their perspective with solid points, followed by Q&A that pressed for answers around the concerns raised and the improvement approaches needed. </p><p><strong>It's increasingly clear that cyber security in critical infrastructure settings, especially the </strong><a href="http://www.esisac.com/"><strong>Electric Sector</strong></a><strong>, will continue gathering growing attention at a national level that goes well beyond sensationalized media coverage. 
</strong></p><p></p>Orlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-55413763769905908082009-03-21T23:15:00.000-05:002009-04-06T18:56:30.291-05:00Assante Pressing NERC Cyber Security Program Forward -Tim Roxey appointment and NERC Alerts changes<span style="font-size:78%;color:#000099;">Updated 3/29/2009</span><br /><a href="http://www.google.com/search?hl=en&rls=com.microsoft%3A*%3AIE-SearchBox&rlz=1I7SUNA&q=%22Michael+Assante%22+security"><span style="color:#000099;"><strong>Michael Assante</strong></span></a> continues making program progress at <a href="http://www.nerc.com/">NERC</a> since his <a href="http://www.nerc.com/news_pr.php?npr=146"><span style="color:#000099;">appointment in August 2008</span></a> to a newly formed Chief Security Officer (CSO) position. <em>His focus</em>: establishing <a href="http://www.nerc.com/page.php?cid=220"><span style="color:#000099;">Critical Infrastructure Protection (CIP)</span></a> as one of the mainstream functions at NERC alongside continuing standards development, compliance and enforcement, and reliability assessment programs. Some notable developments:<br /><ul><li><strong>The recent </strong><a href="http://www.nerc.com/news_pr.php?npr=246"><strong><span style="color:#000099;">appointment of Tim Roxey as NERC Manager of Critical Infrastructure Protection</span></strong></a><strong><span style="color:#000099;">.<br /></span></strong>- Mr. 
Roxey has extensive commercial nuclear power physical and cyber security program experience.<br />- He was instrumental in promoting and supporting the <a href="http://www.nei.org/"><span style="color:#000099;">commercial nuclear power industry</span></a> initiative addressing cyber with <a href="http://www.ieee.org/organizations/pes/meetings/gm2008/slides/NPII-Standardized-Cyber-Security-Programs-Initiative.pdf"><span style="color:#000099;">NEI 04-04 Cyber Security Program for Power Reactors</span> </a>as an NRC-endorsed “acceptable method” - well ahead of the related regulatory framework development and guidance now firming up. <em>I had an excellent learning opportunity working with Tim Roxey and team as an active Computer Security Standing Committee member back in 2006.</em> The focus then was getting NEI 04-04 packaged up into templated rollout and presentation form for the fall <a href="http://www.nitsl.org/"><span style="color:#000099;">2006 NITSL workshop</span></a>.<br />- He extensively helped assess and address <a href="http://www.cnn.com/2007/US/09/26/power.at.risk/index.html"><span style="color:#000099;">Aurora vulnerability</span></a> mitigations, working with <a href="http://www.nei.org/">NEI</a> to help 
ensure commercial nuclear generation stepped up and robustly addressed the issue. Tim Roxey also effectively provided <a href="http://homeland.house.gov/hearings/index.asp?ID=95&subcommittee=12"><span style="color:#000099;">congressional testimony on actions taken and completion status</span></a> - a stark contrast to FERC and NERC testimony.<br /><em>- Bottom Line:</em> Tim Roxey's solid industry experience, connections, dedication and savvy add up to a very good move for NERC. <p><br /></p></li><li><strong>A new NERC CIP Alert Communication Process.<br /></strong>- Communication will use specific email subject lines/levels:<br /><strong>_ ADVISORY</strong>: (Title) <em>- No Response Required<br /></em>_ <strong>RECOMMENDATION</strong>: (Title) - <em><u>Response Required</u>.</em><br />_ <strong>ESSENTIAL ACTION:</strong> (Title) - <em><u>Response Required</u>.<u> </u></em><br />- Entity acknowledgement is required within 24 hours if an issue is rated higher than Advisory. 
<em>The grace period on this requirement extends to March 31, 2009, after which responses received after the 24-hour acknowledgement period will be noted as late or non-responsive.</em> Additionally, more sensitive acknowledgement response information may need to be sent via paper until more secure electronic communication facilities are established.<br />- New alert handling signifiers will further clarify distribution restrictions.<br />_ <span style="color:#000000;"><strong>PUBLIC</strong> (Green):</span> No Restrictions. Will be posted to <a href="http://www.nerc.com/page.php?cid=563"><span style="color:#000099;">NERC’s website alert page</span></a>.<br />_ <span style="color:#000000;"><strong>PRIVATE </strong>(Yellow):</span> Restrict to Internal Use and Necessary Consultants / Third-Party Providers<br />_ <strong>SENSITIVE</strong> (Red): Internal Use Only (Do Not Distribute Outside Your Company)<br />_ <strong>CONFIDENTIAL</strong> (Black): Limited Internal Distribution Decided Upon by an Officer of the Company<br />- An “alerts manual” instruction book will be developed and released by March 31, 2009 to help entities better understand, organize, and train staff to support the alerts process.<br /><em>- More background:</em> <a href="http://www.nerc.com/fileUploads/File/Training/Alerts_Webinar_FINAL-web.pdf">Alerts Distribution, Reporting & FAQ - Michael Assante & Doug Newbauer Jan 22, 2009</a><br /><br />- <span style="color:#000099;"><u><strong>Update 3/28-</strong></u></span> On March 24th, Doug Newbauer, Manager of NERC 
Alerts, indicated that the deadline for mandatory 24-hour response on alerts will be extended: <em>"In response to feedback from registered entities and because NERC is replacing the current Alerts application, NERC is delaying the 24 hour response requirement scheduled to begin April 1, 2009, until the new application is on line and operational."<br />- </em>The application is expected to be prepared and released 3Q2009.</li></ul><p></p>Orlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0tag:blogger.com,1999:blog-1189434011500461359.post-47294267966455334412009-03-01T18:39:00.000-06:002009-08-10T19:24:04.972-05:00Significant, targeted attacks even against ISPs?-Absolutely! (just ask Time Warner)One might think that larger financial institutions and other entities with directly exploitable financial or personal information remain the major nexus of criminal cyber 
problems. However, even consumer-grade ISPs are increasingly facing challenges. Time Warner's drawn-out efforts, now in the limelight, represent just the latest example of an organization scrambling to address service and reputation impacts from a disruptive cyber security attack.<br /><br />
<ul><li><strong>February 28, 2009<br /><br />During the past week, hackers have launched a series of attacks on Time Warner Cable's servers. Time Warner Cable is working with law enforcement agencies to resolve these crimes.<br /><br />As a result of these attacks, you may have experienced a temporary "outage" when attempting to surf the Web, including an intermittent "page cannot be displayed" error message. The outages did not result in services being 100% unavailable; and were limited to sporadic timeouts which appeared to be random events. Some users may have experienced a total disconnect, however. These types of attacks are not uncommon, especially for a network as large as ours. We suspect that the attackers are using "zombie computers," or hijacking unsuspecting subscribers' machines to perpetrate the attack without its owner's knowledge.<br /><br />All of us at TWC take these attacks extremely seriously. 
As previously mentioned, we are working with the appropriate law enforcement agencies that specialize in investigating these types of crimes. We will pursue prosecution of all perpetrators to the fullest extent of the law. We apologize for the inconvenience that these attacks may have caused and encourage you to report any suspicious activity. Instructions for reporting security abuse are located at </strong><a href="http://help.rr.com/" target="_blank"><strong>http://help.rr.com</strong></a><strong>.<br /><br />Sincerely,<br />Time Warner Cable</strong><br /><br />More: <a href="http://news.google.com/news?ned=us&hl=en&q=time+warner+attack">Google News Search: Time Warner Attack</a></li></ul><p>The persistent assault centers on impacting Time Warner’s <a href="http://en.wikipedia.org/wiki/Domain_name_system">Domain Name System (DNS)</a> services. 
Because DNS resolves domain names to Internet addresses, e.g., when surfing the Internet, an easy mitigation for customers is to use an alternative DNS provider, such as <a href="http://www.opendns.com/">OpenDNS</a>. I've been using both Time Warner and OpenDNS in my home networking environment for years with great results. 
OpenDNS also helps protect users from visiting known harmful and other inappropriate Internet sites.<br /></p><p>Much attention is put on specific, in-scope compliance issues within critical infrastructure organizations. The obvious twist is that even basic, persistent attacks are increasingly a factor in considering overall business risk to service and reputation. 
Additionally, cyber security problems that affect non-operational business network settings also increase the risk of "pivot attacks" creating more serious operational issues that regulators and senior management are acutely concerned with.<br /></p><p>From a broader perspective, this issue saliently points out how even narrow, basic attacks can impact an organization and its customers. Critical infrastructure organizations risk even larger potential impacts stemming from such issues, driving the need for ongoing cyber security improvements. </p><p></p>Orlando Stevensonhttp://www.blogger.com/profile/02449151162077284498noreply@blogger.com0