Cyber security round-up

TSA on pipeline security. New DHS CISA Act. NCCoE/NIST ICS cybersecurity demonstrator. Illusive pitches ‘deceptions everywhere’ approach. CERT’s Cyobstract incident report tool. ClassNK and TÜV Rheinland partner on offshore cybersecurity. Industrial Defender adds ‘passive’ network monitoring. Kaspersky’s squeaky-clean Zurich data center.

The US Transportation Security Administration (TSA) has issued a 30-page report on pipeline security that includes a chapter on cybersecurity guidelines for natural gas and oil pipeline infrastructure.

The US House of Representatives has passed legislation creating the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS). Once signed by the President, this will create a new agency and federal leader for cyber and physical infrastructure security.

The US National Cybersecurity Center of Excellence (NCCoE) has teamed with the NIST Engineering Laboratory on a demonstrator for ICS security through behavioral anomaly detection. The results are available as a draft NIST Internal Report (NISTIR) 8219. Visit the project homepage. A word of warning about NIST and other US government agencies. Last October, during the shutdown, the Computer Security Resource Center and all associated online activities were ‘unavailable until further notice’ due to a ‘lapse in government funding’. Open day for the hacking community?

Illusive’s ‘deceptions everywhere’ cyber security approach works by planting fake information throughout the environment. Within the first few moves of an attacker’s search-and-advance process, the attacker will inevitably try to use a false item, triggering an alarm and capturing a system snapshot for forensic analysis. Responders know that an Illusive alert requires immediate attention and can see how far the attacker has got. They can then either take immediate action or continue to observe and analyze the attacker’s activity. More from Illusive.

The Carnegie Mellon Software Engineering Institute’s CERT Division has released Cyobstract, an open source incident response tool. Cyobstract is designed to help analysts quickly and efficiently extract artifacts from any textual source or collection of sources, such as incident reports and threat assessment summaries. Cyobstract was trialed on a cyber security dataset of Department of Homeland Security incident reports. Download the Cyobstract library from GitHub. The SEI has also published a white paper titled ‘Threat modeling: a summary of available methods’ that discusses twelve threat modeling methods targeting different parts of the development process. SEI has also released SEI-ACE for authentication and authorization of Internet of Things devices for use in edge environments. The SEI-ACE code is designed to run in resource-constrained, mission-critical Class 2 IoT devices, generally limited to around 50-250KB of storage.

ClassNK and TÜV Rheinland have concluded a worldwide partnership agreement for marine and offshore cybersecurity services. The partnership is to develop a maritime cybersecurity certification scheme.

A Leidos cybersecurity blog introduces new passive monitoring capabilities in its Industrial Defender ASM flagship. Many ICS/SCADA systems were developed and deployed before the evolution of today’s cybersecurity threats. Passive monitoring deploys non-invasive network sensors that capture communication between SCADA and PLC devices, looking for possible threats. An ASM REST API supports integration with third party applications.

In response to doubts about its Russian lineage, Kaspersky Lab has opened a data center in Zurich, Switzerland for its EU clients and launched a ‘Global Transparency Initiative’ to convince users that its technology is not being put to nefarious use. More from the Kaspersky Transparency Summit.


© Oil IT Journal - all rights reserved.