Cyber security round-up

EU cloud security. Industrial Defender, NCCoE, ACI news. Tofino on ‘good, bad and ugly’ SCADA patching.

The European Network and Information Security Agency has published a guide to critical information infrastructure protection in the context of cloud computing. Such a concentration of resources is a ‘double edged sword’: while cloud providers can deploy state-of-the-art security, the consequences could be major if a breach does occur. The 30-page report cites the digital oilfield as ‘at risk.’

A new white paper from Industrial Defender, ‘Protecting intellectual property theft from industrial control systems,’ warns of the risk of IP loss from hackers accessing control systems. While less high profile than outright attacks on the plant, such intrusions may be harder to detect. The publication offers mitigation techniques and advocates ‘log, log, logging’ to backtrack through an eventual breach.

The US has set up a National Cybersecurity Center of Excellence (NCCoE) in Rockville, Maryland. The public-private partnership is hosted by NIST with partners Cisco, HP, Intel and Microsoft. Senate appropriations committee chair Senator Barbara Mikulski described Maryland as ‘the global epicenter of cybersecurity.’

Over the state line in Arlington, Virginia, the Division of Advanced Cyber Infrastructure of the National Science Foundation is encouraging collaboration with China-based researchers to develop a ‘framework for developing shared software infrastructure.’

Tofino Securities’ Eric Byres has been blogging on ‘Patching for SCADA and ICS security, the good, the bad and the ugly.’ The ‘ugly’ part comes from the realization that around 20% of fixes are ‘incorrect’ and, of these, 40% result in ‘crashes, hangs, and data corruption.’ According to Kevin Hemsley of ICS-CERT, 2011 saw a 60% failure rate in patches that were supposed to fix reported control system vulnerabilities.

© Oil IT Journal - all rights reserved.