Archive

Archive for April, 2009

SCADA/DCS Standards Bonanza

April 30, 2009 Leave a comment

Just going through a study that was made by the NSTB (National SCADA Test Bed ) and submitted to the Department of Energy back in 2005, Its really amazing to see how many standards can be applicable on any given Energy company..now with the huge dependency on TCP/IP in the SCADA environments..this is something that requires fast/rigorous actions on getting our act together and consolidating all these standards that are overlapping in sections as well as showing weaknesses in others an example would be that NERC didn’t give encryption enough credit while AGA really went for it.

I guess the currently under development ISA99 will go a long way in the right direction and thats because it was built with the best scope so far.I took the table from the NSTB report and updated it with the latest developments…you can see the updated version below.

SCADA standards  comparison Sheet

Advertisements
Categories: SCADA Security

Reviving LOGIIC

April 30, 2009 Leave a comment

LOGIIC (Linking the Oil and Gas Industry to Improve Cyber security) is a government and industry collaboration forum that started in USA back in 2006 to find ways that can help the oil and gas industry become more aware about security issues and reduce vulnerabilities in the process control systems. The proposed benefits included specialized and targeted R&D , influencing the technology providers to address security concerns in new products and to transition the research and ground breaking ideas into real world deployable solutions…I really dont know the current state or output of this project after 3 years of lunching the initiative,,,but i think its a really good idea that shouldn’t be narrowed to US based companies and US government agencies..Its a global problem and should be a global effort.

I know that other countries are going after similar initiatives including national sector working groups, specialized CERTs …etc , but this means that everyone is just working alone on the same problem..as some one from the oil and gas industry i know that “we all use the same applications with minimum or no changes”..some of the old SCADA/DCS that are still being used out there have hard coded passwords so those passwords are practically being shared across the globe. there are only 3-4 vendors that dominate the market and we better stand together as governments concerned about our nations sustainability to mandate and monitor the security in such critical assets.

A presentation about LOGIIC can be downloaded from this link

Categories: SCADA Security

Critical Electric Infrastructure Protection Act

April 30, 2009 Leave a comment

The US Senate announced that today will witness the introduction of this important ACT, this act shall give FERC (Federal Energy Regulatory Commission ) and DHS (Department of Home Land Security) the legislative powers and authority needed to over see the security and resiliency of the Electricity sector including the privately owned utility companies.

Basically the FERC will do the policies and standards and the DHS will investigate technically any compromises.

I believe this legislation will lead a wave of similar ACTs in other sectors and other countries as well. we cant afford self regulation in critical services like energy, self regulation ruined the economy and we shouldn’t tolerate the consequences of poor self regulation when it comes to IT security and resiliency of a nuclear power plant for example.

Chairman Thompson issued the following statement regarding the legislation:

“Any failure of our electric grid, whether intentional or unintentional would have a significant and potentially devastating impact on our nation. We must ensure that the proper protections, resources and regulatory authorities are in place to address any threat aimed at our power system. This legislation addresses these critical issues by providing a common sense approach to ensure continued security of the nation’s electric infrastructure,” Thompson concluded.

The Critical Electric Infrastructure Protection Act:

Provides authority to the Federal Energy Regulatory Commission (FERC) to issue emergency rules or orders if a cyber threat is imminent. These rules or orders may be issued after a finding by the Secretary of Homeland Security (in consultation with other national security agencies) that a national security threat exists.

Requires FERC to assess and establish interim standards deemed necessary to protect against known cyber threats to critical electric infrastructure.

Requires DHS to conduct an investigation to determine if the security of Federally-owned critical electric infrastructure has been compromised by outsiders.

Categories: SCADA Security

Check if your IP is infected with Conficker

April 29, 2009 Leave a comment

The Conficker Working Group (CWG) has published a really easy to use web tool that can help you check if your IP is infected with Conficker and IF you are infected then by which variant of the worm.
The visual tool is called the Conficker Eye Chart.. you can use it here.
The tool will feature 6 logos if your browser was able to show all of them..then you are fine.

Categories: SCADA Security

39 SCADA Vulnerability Plugins in Nessus

April 29, 2009 1 comment

Doing a simple search on Tenable security website to check on the newly released Nessus4 I found that it “Still” contains the good old 39 plugins posted under the SCADA family with no recent additions since late 2008. Most notably on the list are the Areva, Modicon, DP3 and Citec plugins.

I’m personally against publishing any of the new and more complex SCADA vulnerabilities as part of such a widely used commercial, point and click tool

why would a tool available for public download contain SCADA vulnerabilities. remember who uses SCADA systems!! (Energy, Water, Health, Transportation…etc ), what is the need to know basis here.

scada-nessus-plugins

Categories: SCADA Security

A BOF in the Stream Control Transmission Protocol (SCTP)

April 29, 2009 Leave a comment

A vulnerability has been published in the SCTP protocol widely used in the following systems which are used in some SCADA/DCS implementations:
* AIX Version 5
* Generic BSD with external patch at KAME project
* Cisco IOS 12
* DragonFly BSD since version 1.4
* FreeBSD, version 7 and above
* HP-UX, 11i v2 and above
* Linux 2.4/2.6
* QNX Neutrino Realtime OS, 6.3.0 and above
* Sun Solaris 10

The buffer over flow vulnerability ( leading to D.O.S ) exploits failure in validating the FWD-TSN packet. “The SCTP stack did not correctly validate FORWARD-TSN packets. A remote attacker could send specially crafted SCTP traffic causing a system crash, leading to a denial of service. (CVE-2009-0065)”. you can read more about the exploit and download the attack code in C. here Thanks to http://kernelbof.blogspot.com/

Conficker Hits Critical Medical Equipments

April 28, 2009 Leave a comment

Full Article can be found here

The Conficker worm infected several hundred machines
and critical medical equipment in an undisclosed number of hospitals
recently, a security expert said on Thursday in a panel at the RSA
security conference.
“It was not widespread, but it raises the awareness of what we would do
if there were millions” of computers infected at hospitals or in
critical infrastructure locations, Marcus Sachs told CNET News after the
session. Sachs is the director of the SANS Internet Storm Center and a
former White House cybersecurity official.
It is unclear how the devices, which control things like heart monitors
and MRI machines, and the PCs got infected, he said. The computers are
older machines running Windows NT and Windows 2000 in a local area
network that was not supposed to have access to the Internet, however,
the network was connected to one that has direct Internet access and so
they were infected, he said.
Conficker spreads via networked computers as well as through removable
storage devices and a hole in Windows that Microsoft patched in October,
but these machines were too old to be patched, according to Sachs.