Cyber security round-up

Barracuda Networks and SCADAFence team. NIST CCoE on energy asset cyber security. NIST on IoT cyber sec. NIST on mitigating software vulnerabilities. WindRiver Opto22 and the URGENT/11 scada flaw. Schneider Electric and ISA Global Cybersecurity Alliance. Siemens on cybersecurity in the cold!

California-based Barracuda Networks and Israel-based SCADAfence have announced a joint cyber security solution spanning operational technology, critical infrastructure and smart buildings. The combination of Barracuda’s CloudGen firewall with SCADAfence offers OT threat detection and automated enforcement to improve incident response. More from Barracuda.

A new, 144-page publication from NIST and the Cybersecurity Center of Excellence titled ‘Energy sector asset management for electric utilities and oil & gas’ offers advice on how energy organizations can identify and manage OT assets and detect associated cybersecurity risks. Special Publication 1800-23 is available free of charge from NIST.

NIST has also published NISTIR 8228 titled ‘Considerations for managing internet of things cybersecurity and privacy risks’. The report covers high-level goals for risk mitigation in terms of device security, data security and individual privacy. This report is first in a planned series of publications on such topics More from NIST.

A draft cybersecurity white paper from, you guessed it, NIST addresses ‘Mitigating the risk of software vulnerabilities with a secure software development framework (SSDF)’. The white paper recommends that a core set of high-level secure software development practices be added to the software development lifecycle. The approach addresses development in information technology, industrial control systems, cyber-physical systems and the internet of things. The white paper is a phenomenal Collection of Acronyms (CoA). Read it here.

Following the outbreak of the Urgent/11 vulnerabilities in Wind River’s VxWorks IPnet TCP/IP stack, Opto 22 has assured customers that its products, including the Groov Epic edge programmable industrial controllers and SNAP PAC Systems, are not affected by the vulnerabilities. More on the Urgent/11 vulnerabilities from Wind River and from IoT security specialist Armis.

Schneider Electric is the first ‘founding member’ of the newly formed International Society of Automation (ISA) Global Cybersecurity Alliance. The Alliance sets out to advance cybersecurity readiness and awareness in manufacturing, critical infrastructure facilities and processes. The goal is to extend the ANSI/ISA/IEC 62443 series of standards to relevant markets and to help specific verticals apply the standards. The standards define requirements and procedures for implementing electronically secure automation and control systems and security practices and for assessing electronic security performance. Other founding members include Claroty, Nozomi, Johnson Controls, Rockwell Automation and Honeywell.

No, it’s not a misprint, Siemens has announced an industrial application hosting platform for cybersecurity in the cold! The new Ruggedcom Application Processing Engine (APE) is an industrial application hosting platform designed for running third party software applications in harsh, mission-critical environments. The Ruggedcom APE server is certified for operations in temperatures down to -40° C (or °F which is the same thing!).

Click here to comment on this article

Click here to view this article in context on a desktop

© Oil IT Journal - all rights reserved.