Software Integrity Blog

Archive for the 'Critical Infrastructure Security' Category

 

Achieve critical infrastructure security with modern networking

Our energy and water infrastructure holds up the world we know, but very few understand how delicate it can be. There is a constant demand to monitor and protect this infrastructure, whose components often have been running nonstop for decades, with few understanding how they work. This hole in the safety net that protects these […]

Continue Reading...

Posted in Critical Infrastructure Security

 

Smart devices, smart grids, and cyber security

A recent “Innovation Spotlight” in the IEEE XPLORE Digital Library announced “a first-of-its-kind charger that allows plug-in electric vehicles (PEVs) to deliver excess capacity to the power grid and recharge during off-peak hours.” Promising new technologies often evoke questions about security. Suppose a bad actor exploits the connection somehow and brings down portions of the […]

Continue Reading...

Posted in Critical Infrastructure Security, Government Security, Maturity Model (BSIMM), Security Standards and Compliance

 

Sirens in the night: Civil defense systems susceptible to legacy vulnerabilities

Legacy vulnerabilities are often old “features” that weren’t designed for modern use. Since every new day brings a new attack, it’s time to secure them.

Continue Reading...

Posted in Critical Infrastructure Security, Software Architecture and Design

 

Cyber attacks erase Saudi government data

The data on thousands of computers at the headquarters of the General Authority of Civil Aviation in Saudi Arabia was erased starting in mid-November by malware from “outside the country,” according to a state report. On Thursday, the state-run Saudi Press Agency confirmed that a series of cyber attacks on government systems, especially the transportation […]

Continue Reading...

Posted in Critical Infrastructure Security, Data Breach, Government Security

 

Securing IoT devices in the wake of last week’s Mirai malware attack

Last Friday, two major distributed denial-of-service (DDoS) attacks on Dyn’s Managed DNS infrastructure brought down the websites of over 80 internet giants, including Amazon, PayPal, and Twitter. The sophisticated attack involved tens of millions of IP addresses. Many of these addresses were associated with the open source Mirai botnet. The attack leveraged Internet of Things (IoT) […]

Continue Reading...

Posted in Critical Infrastructure Security, Internet of Things

 

Study suggests smart cities lack critical cyber security protections

A new survey of government IT officials faults smart cities with a lack of cyber security protection. A survey of 203 IT professionals working for state and local governments conducted by Tripwire finds 98% of government IT professionals see smart cities as not having adequate protection from cyber attacks. In particular, 27% faulted public Wi-Fi, […]

Continue Reading...

Posted in Archive, Critical Infrastructure Security, Government Security

 

Power meters vulnerable to remote attacks, says ICS-CERT

ICS-CERT says power meters from two manufacturers are vulnerable to remote cross-site request forgery attacks (CSRF) and/or compromise. In one advisory, ICS-CERT cited Schneider Electric’s ION Power Meter products. A remote attacker using CSRF could perform unauthorized actions on the affected devices, such as configuration parameter changes or saving modified configuration. Models affected include ION […]

Continue Reading...

Posted in Critical Infrastructure Security

 

Flaw in ASN.1 code library could impact every form of communications

A code library used in a wide range of telecommunication products, including radios in cell towers, routers, and switches, as well as the baseband chips in individual phones contains a flaw that makes it possible to eavesdrop or disrupt entire networks. An advisory published Monday evening describes a flaw in the way most systems implement […]

Continue Reading...

Posted in Critical Infrastructure Security

 

Irongate attacks ICS Siemens Step 7 PLCs—Similar to Stuxnet

A new family of ICS-focused malware, dubbed Irongate, interferes with industrial process running within a simulated Siemens control system environment. Borrowing from Stuxnet, a new family of ICS-focused malware, dubbed Irongate, interferes with industrial process running within a simulated Siemens control system environment. Back in 2010, researchers found a sophisticated piece of malware called Stuxnet […]

Continue Reading...

Posted in Critical Infrastructure Security

 

Maritime vessels new targets for cyber attacks

New research suggests that maritime vessels are under significant threat of cyber-attack because they were not designed with cyber security in mind and carry outdated software. In a research paper published in Engineering and Technology Reference researchers from the Plymouth University’s Maritime Cyber Threats Research Group suggest that cyber attacks would most likely target systems […]

Continue Reading...

Posted in Critical Infrastructure Security