SANS NewsBites Vol. 9 Num. 97

From: The SANS Institute (NewsBites@sans.org)
Date: Tue Dec 11 2007 - 17:34:57 CST


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you work on security of control systems in the critical
infrastructure, you'll want to see the first story today and the new
agenda for the January workshop in New Orleans (Jan 16-17). The agenda
is at the end of this issue, and it has completely changed, in part
because of the regulatory change reported in today's first story. This
will be the best meeting held to date on security of control systems
because it will provide information unavailable anywhere else: starkly
illuminating the actual threat, identifying which mitigations actually
work, and providing a survival kit for practitioners. The program is
posted at http://www.sans.org/scada08_summit

                                Alan
PS The SCADA and Process Control Security meeting will be held during
the last, large winter cyber security training conference. Information
on the training courses at: http://www.sans.org/info/15471

*************************************************************************
SANS NewsBites December 11, 2007 Vol. 9, Num. 97
*************************************************************************
TOP OF THE NEWS
  FERC Trumps NERC CIP Standards: To Require Reporting on Actual Progress
    on Securing Systems
  Case Studies of Success in the War on Cybercrime
  Memo Indicates China Link to National Lab Network Intrusions
  Autonomy Threatens Legal Action Over Vulnerability Disclosure
THE REST OF THE WEEK'S NEWS
  LEGAL MATTERS
    Alleged Wireless Hijacker and Extortionist Arrested
  WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
    Russian Chat Bots Gather Information
    November Skype Update Fixes Remote Code Execution Flaw
    MP4 Codec Flaw Affects Media Players
  ATTACKS, INTRUSIONS, DATA THEFT & LOSS
    Tricare Europe Customers Notified of Data Security Breach
    Bank Customer Data on Stolen Laptop
    Thieves Steal Data Center Equipment
  MISCELLANEOUS
    Australian Man Allegedly Posted Phony Attack Warning
    Fasthosts Changes Customer Passwords in Wake of Breach
LIST OF UPCOMING FREE SANS WEBCASTS
AGENDA for the SCADA and Process Control Summit

*********************** Sponsored By ArcSight, Inc. *********************

Free Whitepaper: ArcSight Perspectives on Risk

Cyber attacks. Incident management. Legal issues. Security trends. The
subjects are diverse, but the one powerful message is that security is
the most important issue your company faces. Learn to make better
decisions about risk management with this comprehensive collection of
articles. Brought to you by ArcSight, the leader in compliance and
security management.
http://www.sans.org/info/20641

*************************************************************************
TRAINING UPDATE
Where can you find Hacker Exploits, Secure Web Application Development,
Security Essentials, Forensics, Wireless, Auditing, CISSP, and SANS'
other top-rated courses?
- - Washington DC (12/13-12/18): http://www.sans.org/cdi07
- - New Orleans (1/12-1/17): http://www.sans.org/security08/event.php
- - San Jose (2/2 - 2/8): http://www.sans.org/siliconvalley08/event.php
- - Phoenix (2/11 - 2/18) http://www.sans.org/phoenix08/event.php
- - Prague (2/18-2/23): http://www.sans.org/prague08
- - and in 100 other cities and on line any-time: www.sans.org
*************************************************************************

TOP OF THE NEWS
 --FERC Trumps NERC CIP Standards: To Require Reporting on Actual
   Progress on Securing Systems
(December 11, 2007)
The Federal Energy Regulatory Commission (FERC) issued notice that it
intends to immediately issue a directive requiring all generator owners,
generator operators, transmission owners and transmission operators
registered by NERC (North American Electric Reliability Corp.) to
provide information detailing the actions they have taken or intend to
take to protect against key cyber vulnerabilities.
http://money.cnn.com/news/newsfeeds/articles/newstex/AFX-0013-21569682.htm
[Editor's Note (Paller): This is a stunning development. NERC's cyber
security standards were coming to be seen as almost totally ineffective.
FERC's action will immediately shift industry action from NERC's focus
on compliance to a new focus on actually improving security and proving
the work is done. Kudos to Chairman Langevin and Ranking Member McCaul
of the House Homeland Security Subcommittee on Emerging Threats and
Cyber Security, whose recent hearings illuminated the problems at NERC.
Without their leadership, and the active efforts of Mike Peters at FERC,
this important action would not have happened until after a major
catastrophe.
How to navigate the new rules will be a key topic at the SCADA and
Control System Security Workshop in January in New Orleans.
See: http://www.sans.org/scada08_summit ]

 --Case Studies of Success in the War on Cybercrime
(December 10, 2007)
A SANS Consensus Document details measurably successful projects that
US government agencies have undertaken to implement the National
Strategy to Secure Cyberspace. The projects included have had
measurable, proven success in preventing attacks on US critical
infrastructure, reducing US vulnerability to cyber attacks and
minimizing the damage from attacks that do occur. The paper was posted
on December 10 for a 29-day comment period.
http://www.sans.org/fedsuccesses/
[Editor's Note (Honan): Too often the only stories relating to
information security we read are bad news stories. This paper is a good
read and provides some interesting insights, guidelines and indeed case
studies that could strengthen your own business case for more
resources.]

 --Memo Indicates China Link to National Lab Network Intrusions
(December 8 & 10, 2007)
A confidential US Department of Homeland Security (DHS) memo obtained
by the New York Times indicates that the recently disclosed attack on a
computer system at Tennessee's Oak Ridge National Laboratory may have
come from China. The memo does not say that the attack came from the
Chinese government or even from Chinese citizens. Attackers appear to
have used phishing emails with malicious attachments to gain access to
the computer system. The laboratory says the attackers did not access
any classified information; they did infiltrate a database containing
personally identifiable information of laboratory visitors. The
intruders may have attempted to access networks at other national labs
and institutions as well.
http://www.nytimes.com/2007/12/09/us/nationalspecial3/09hack.html?ei=5088&en=2ce50e252c1ad4ef&ex=1354856400&partner=rssnyt&emc=rss&pagewanted=print
http://www.securityfocus.com/brief/641
[Editor's Note (Pescatore): Data by managed security service providers
typically shows 3-5 times as many attacks originate in the US as in
China. Hyping up the source of the attack makes for breathless headlines
but ignores the real security problems - the glaring vulnerabilities
routinely left open. If you close the vulnerability, it doesn't matter
if the attackers are bored teenagers or cyber-criminals - they aren't
getting in.]

 --Autonomy Threatens Legal Action Over Vulnerability Disclosure
(December 6, 2007)
Autonomy has threatened Secunia with legal action if Secunia goes ahead
with its plan to publicly disclose a vulnerability that affects some
versions of Autonomy's KeyView Software Development Kit (SDK). Autonomy
patched the flaw nine months ago, but maintains that a public disclosure
would confuse people. Secunia had contacted Autonomy to ask which
versions of its SDK were vulnerable to the flaw. The same hole exists
in IBM's Lotus Notes; it has only recently been patched. Another letter
from Autonomy also threatened legal action if Secunia had obtained
Autonomy's source code illegally.
http://www.channelregister.co.uk/2007/12/06/autonomy_secunia_dust_up/print.html
http://www.securityfocus.com/brief/640
[Editor's Note (Schultz): Developments such as this one are bound to
become more commonplace in time. The announcement of a vulnerability in
a vendor product, especially a serious one, by an entity other than the
vendor can substantially affect customer relations, public perception
of the product, and more. ]

************************* Sponsored Links: ***************************
1) ALERT: "How a Hacker Launches an LDAP Injection Attack Step-by-Step" -
White Paper http://www.sans.org/info/20646

2) FREE Webcast "Network Visibility-The Key to PCI Compliance." Learn
how to get the security, visibility, accountability and measurability
necessary to achieve PCI compliance. http://www.sans.org/info/20651

3) Clean Up Your Firewall Rules of Clutter. Maximize Security. Optimize
Performance. Free AlgoSec White Paper. http://www.sans.org/info/20656

*************************************************************************

THE REST OF THE WEEK'S NEWS
LEGAL MATTERS
 --Alleged Wireless Hijacker and Extortionist Arrested
(December 10, 2007)
Police in Australia have arrested a man who allegedly hijacked other
people's wireless networks to send extortion emails. The threatening
messages were manipulated so they appeared to come from someone other
than the true sender. The man has allegedly hijacked at least 12
different wireless home networks. Police were able to arrest the man
after he made demands that money be delivered to him in a certain
location. He has been charged with attempted extortion and sending
phony messages.
http://www.news.com.au/heraldsun/story/0,21985,22898696-5005961,00.html

WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
 --Russian Chat Bots Gather Information
(December 10, 2007)
An artificial intelligence program circulating in Russian chat forums
flirts with human users in an attempt to get them to divulge personally
identifiable information. People have fallen prey to CyberLover because
it is difficult for them to tell that they are not talking with a real
person. The program can create up to 10 relationships in 30 minutes,
and assembles dossiers for each relationship that include names, contact
information and photographs. So far, CyberLover has just been spotted
in Russian chat rooms, but others are urged to use caution while
chatting.
http://www.zdnetasia.com/news/security/printfriendly.htm?AT=62035388-39000005c
[Editor's Comment (Northcutt): In Alan Turing's defense, when he wrote
"Computing Machinery and Intelligence" he had no possibility of
envisioning a time of such universal access to computing and the
Internet, and that computing programs would be able to interact with
humans using computers that had double digit IQs. Where does this end?
In the remake of Guess Who's Coming to Dinner, will Dr. Prentice be a
Second Life Avatar? Say it ain't so. Use a bit of caution before
repeating this news story to people you want to respect you; I was not
able to find the source document, and most of the posts appear to be
picking up from other news stories. I did find one blog with a
screenshot that is allegedly the tool, but to fall in love with it, you
must think in Russian. URLs further explaining my somewhat cryptic note
are shown below:
http://www.webuser.co.uk/news/news.php?id=166536
http://weblogs.sqlteam.com/markc/archive/2004/06/24/1669.aspx
http://loebner.net/Prizef/TuringArticle.html
http://en.wikipedia.org/wiki/Guess_Who%27s_Coming_to_Dinner ]

 --November Skype Update Fixes Remote Code Execution Flaw
(December 6 & 10, 2007)
A Skype update released on November 15, Skype 3.6.0.216, addressed a
buffer overflow flaw in the Skype4COM URI handler that could allow
remote code execution. Attackers could exploit the flaw through
maliciously crafted websites. The vulnerability is known to exist in
Skype 3.5.0.239, and may also affect earlier versions. A Skype
spokesperson has apologized for the "unintentional communication
oversight" of not notifying customers of the fix sooner.
http://www.theregister.co.uk/2007/12/10/skype_stealth_update/print.html
http://www.zerodayinitiative.com/advisories/ZDI-07-070.html
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9052118&source=rss_topic17

 --MP4 Codec Flaw Affects Media Players
(December 8 & 10, 2007)
A December 8 alert from Symantec warned that exploit code for a flaw in
an MP4 codec had been released. The flaw could be exploited to execute
arbitrary code. The exploit reportedly works against Windows Media
Player (WMP) 6.4, and it is possible that other versions are affected
as well. The vulnerable codec is present in WMP, Media Player Classic,
and Winamp. There is presently no patch available for the
vulnerability. Symantec's alert urged users to remove the codec until
fixes are available.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9051959&source=rss_topic17
http://www.theregister.co.uk/2007/12/10/3ivx_mp4_vuln/print.html

ATTACKS, INTRUSIONS, DATA THEFT & LOSS
 --Tricare Europe Customers Notified of Data Security Breach
(December 10, 2007)
Approximately 4,700 households that submitted health insurance claims
through the Tricare Europe office are being notified that their
personally identifiable data, including Social Security Numbers (SSNs),
names, dates of birth, and medical diagnoses associated with the claims
were possibly compromised. The breach affects claims made since 2004;
many of those affected no longer live in Europe. Tricare learned of the
breach on November 7 from Electronic Data Systems (EDS), which maintains
the breached claims website for Tricare. Letters were sent to affected
households on December 4. EDS has made changes to its system to enhance
security. "TRICARE Management Activity is a Department of Defense
program that administers the healthcare plan for the Uniformed Services,
retirees, and their families."
http://www.airforcetimes.com/news/2007/12/military_tricarebreach_071207w/
http://www.tricare.mil/TAOeuropeBreach.cfm
http://www.tricare.mil/pressroom/news.aspx?fid=350

 --Bank Customer Data on Stolen Laptop
(December 7, 2007)
A laptop computer stolen from a Citizens Advice Bureau (CAB) employee's
car in Ireland contains personally identifiable information belonging to as
many as 60,000 individuals. The data include bank account numbers,
National Insurance numbers, names, addresses and dates of birth of
people who contacted CAB for advice; the data were encrypted. The chief
executive of Ireland CAB has apologized to affected customers. The data
pertain to people from the Belfast area and go back four or five years.
http://www.guardian.co.uk/uklatest/story/0,,-7135536,00.html

 --Thieves Steal Data Center Equipment
(December 7 & 10, 2007)
Thieves dressed as police told employees at a Verizon data center in
Kings Cross in London that they were looking into reports of people on
the roof of the building. The thieves then tied up the employees and
stole computer hardware from the facility. The data center is used by
a number of financial institutions.
http://www.theregister.co.uk/2007/12/07/verizon_datacentre_robbery_investigation/print.html
http://news.hereisthecity.com/news/business_news/7338.cntns
http://www.zdnet.co.uk/misc/print/0,1000000169,39291411-39001093c,00.htm
[Editor's Note (Pescatore): Even in credit card fraud, losses due to
physical attacks still outweigh those due to cyber-attacks. If you are
outsourcing hosting or data centers, make sure the provider has paid
attention to physical security. The BITS group has put together a decent
set of assessment guidelines for outsourcers - see
http://www.bitsinfo.org/FISAP/index.php]

MISCELLANEOUS
 --Australian Man Allegedly Posted Phony Attack Warning
(December 9, 2007)
A Melbourne, Australia man has been identified as the culprit in a hoax
blog posting that sent Los Angeles police on a manhunt. Jarrad Willis
allegedly posted a warning of a shooting at a shopping center in Beverly
Hills; police, concerned about a copycat attack just days after the
shooting at a mall in Omaha, Nebraska, took the warning seriously. In
all, police estimate the effort cost them US $100,000; they plan to seek
compensation. Willis has been arrested and his computer seized.
http://www.smh.com.au/news/web/web-threat-from-melbourne-spooks-lapd/2007/12/08/1197135325393.html

 --Fasthosts Changes Customer Passwords in Wake of Breach
(December 6 & 7, 2007)
UK web hosting company Fasthosts has apologized to its customers for a
situation that left many without service. A security breach prompted
Fasthosts to change all its users' passwords; new passwords were sent
through the regular mail. Customers have been unhappy because they
could not update their sites until they receive the new passwords. After
becoming aware of suspicious activity related to some customer accounts,
Fasthosts imposed the mandatory password change on customers who did not
change their passwords after they were urged to do so following a
security breach in October.
http://www.vnunet.com/vnunet/news/2205313/fasthosts-apologises-customers
http://technology.timesonline.co.uk/tol/news/tech_and_web/article3007298.ece

LIST OF UPCOMING FREE SANS WEBCASTS

Internet Storm Center: Threat Update
WHEN: Wednesday, December 12, 2007 at 1:00 PM EST (1800 UTC/GMT)
FEATURED SPEAKER: Johannes Ullrich and John Weinschenk
http://www.sans.org/info/20062
Sponsored By: Cenzic

This monthly webcast discusses recent threats observed by the Internet
Storm Center, and discusses new software vulnerabilities or system
exposures that were disclosed over the past month. The general format
is about 30 minutes of presentation by senior ISC staff, followed by a
question and answer period.

Internet Storm Center: Threat Update
WHEN: Wednesday, January 9, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURED SPEAKER: Johannes Ullrich
http://www.sans.org/info/20067
Sponsored By: Core Security

This monthly webcast discusses recent threats observed by the Internet
Storm Center, and discusses new software vulnerabilities or system
exposures that were disclosed over the past month. The general format
is about 30 minutes of presentation by senior ISC staff, followed by a
question and answer period.

SANS Special Webcast: Things That Go Bump in the Network: Embedded Device Security
WHEN: Thursday, January 24, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURED SPEAKER: Paul Asadoorian
http://www.sans.org/info/20087
Sponsored By: Core Security

Embedded devices come into your network and appear in many different
forms, including printers, iPhones, wireless routers and network-based
cameras. What you might not realize is that these devices offer unique
opportunities for attackers to do damage and gain access to your network
- - and to the information it contains. This webcast will review known
embedded device vulnerabilities and cover how these vulnerabilities can
be used to gain control of devices, networks, and data - and, more
importantly, what can be done about it.

*************************************************************************
The 2008 SCADA and Process Control Summit
http://www.sans.org/scada08_summit

Ten Questions for the Summit
1. What is the actual threat picture for control systems users today?
Who are the attackers? What have they already done? What can they do?
2. Exactly how do attackers penetrate the defenses that have been
established by most control system users?
3. What techniques are the most advanced control systems users
implementing to mitigate the threat?
4. What are the principal vulnerabilities in control systems and how
should they be prioritized for mitigation?
5. What are the most effective ways to mitigate the Aurora vulnerability
for large and small asset owners? (This session is open to full time
employees of critical infrastructure asset owners; proof of employment
is necessary.)
6. Which SCADA security research projects have shown useful results? How
can asset owners put those findings to work?
7. Which control system vendors have made the most progress on
implementing the new standards for secure configuration of their
products?
8. How can you participate in private (non-governmental) information
sharing activities with other asset owners in your industry?
9. What tools have governments developed that makes security of control
systems more effective and efficient?
10. How can utilities educate their Public Utility Commissions so that
investments in cyber security may be included in the rate base.

Plus you'll receive the Control System Security Survival Kit consisting
of materials that you can use to educate your executives and help plan
and implement a control system security program.

The organizing committee

Mike Assante, Rita Wells, and Gary Finco of Idaho National Laboratory (INL)
Cheri McGuire and Vishant Shah, of the US Department of Homeland Security
Ciaran Osborn, UK Centre for the Protection of National Infrastructure (CPNI)
Hank Kenchington, US Department of Energy
Will Pelgrin, New York State and the Multi-State ISAC
Mark Weatherford, CISO, State of Colorado
Marc Sachs, Verizon
Alan Paller, SANS Institute

The agenda

SANS Process Control and SCADA Security Summit - Agenda
Tuesday, January 15
5pm - 8pm
Welcome Reception and Registration
Wednesday, January 16
7:30am - 8:30am
Breakfast
8:30am - 9:45am
Keynote Panel - How real is the threat and how is it changing? (Jason
Larsen, IOActive; Alan Paller, SANS Institute; a third speaker to be named)

This panel provides three realistic and complementary views of the cyber
threat to control systems and the critical infrastructures they manage.
First you will hear the newest information that governments have learned
about the threat actors and their goals and methods. Second you will see
how the current wave of extortion has hit utilities through compromises
of control systems. Finally you will get a clearer picture of the future
of cyber attacks on control systems from someone who has listened in on
what the cyber criminal community is discussing on their private
channels and what exploits they are trading.

9:45 am - 10:00am
Break

10:00am - 11:00am
Keynote Panel: Penetration Testing: How the Attackers Get Through Your
Defenses
(Jeff Fay, Patch Advisors; Jonathan Pollet, Industrial Defender; and
Jason Larsen, IOActive)

In 2007, executives in critical infrastructure industries (especially
electric utilities) have demanded independent assessments of how well
their systems and networks can withstand cyber attacks. This panel
includes three of the people most often called in to test those systems
to determine whether they can be penetrated and how. These expert
penetration testers will help you see exactly where the holes are and
how they can bypass your defenses.

11:00am - 12:00pm
Keynote Panel: Asset Owners: How To Implement Security Effectively
Without Impacting Reliability: Lessons from the Trenches at BP, Southern
Co., and PacifiCorp. (Paul Dorey, Larry A. Spoonemore, Patrick Miller)

Control system owners sometimes claim it is impossible to keep their
systems patched, to filter traffic, or to turn off unneeded services
without breaking the systems. In this panel you will learn that much
of that talk is wrong. Led by the Chief Information Security Officer
of BP, this panel demonstrates leadership by example: organizations
that have found ways to keep patches up to date and to implement the
other processes needed to improve security, all without impacting
reliability.

12:00 pm - 1:15pm
Lunch break

1:15 pm - 2:15pm
The Most Critical Vulnerabilities in Control Systems: Findings from the
National SCADA Test Bed and the Control Systems Security Project
(Rita Wells, Idaho National Laboratory)

Extensive testing of control systems from more than a dozen vendors has
uncovered significant numbers of vulnerabilities. In this session INL's
Rita Wells will show you each of the most important vulnerabilities and
will tell you which ones could lead to the most damage if exploited and
are hardest to correct. She'll also show you what can be done about each
of them.

2:15 pm - 3:15 pm
Information Sharing in Critical Infrastructure Security: How electric
utilities in the West have found ways to work together to share
experiences and best practices? (Stacy Bresler, Pacificorp, and Seth
Bromberger, PG&E)

Organizations that are part of the critical infrastructure often find
themselves on their own in cyber security. They get little they can use
from government and their peers don't share what they are learning. But
a group of utilities in the Western United States has solved that
problem with an innovative organization that has an enviable record of
sharing very sensitive information and making security easier for all
its members. Two of the participants in that group will tell you about
their experiences and share the formula that made it successful. They
will also be available to help you plan similar organizations in your
industry and your region of the country or world.

Also: how can smaller producers protect their systems with help from the
larger utilities? The PG&E testbed.

3:15pm - 3:30pm
Break

3:30pm - 3:45pm
How can you build partnerships between control system engineers and IT
security professionals? (Seth Johnson of Santa Clara Valley Water
District)

When IT Security and control systems engineers do not work together, the
company suffers. This session presents a model that worked in one
utility to bring the two groups together and make sure they were
supporting one another.

3:45pm - 5:00pm
The most valuable research projects in SCADA security (Ulf Lindqvist,
SRI International, Sean Kujawa, Shell Global Solutions; David Nicol,
University of Illinois at Urbana-Champaign; Tom Stogdale, Matrikon;
Michael Kinder, Technical Support Working Group (TSWG); Vincent Berk and
George Cybenko, Process Query Systems LLC)

This session consists of five research briefs: (1) Intrusion Detection
Technologies within Process Control. (2) The TCIP Testbed for Power Grid
Security. (3) Commercialization of the RiskMAP Technology. (4) SCADA
Cyber Attack Alert Tool (CAAT). And (5) Temporal-Structural Security
Event Correlation with PQS. The sessions are very short but provide you
with sufficient information to know which longer briefing you want to
attend in the evening session beginning at 6:30 PM. (Night life in New
Orleans doesn't start until later so you have time for both.)

5:00pm - 8:00pm
- - Vendor Hospitality Suites
- - Birds of a Feather Sessions for Oil & Gas, Water, and Electric Power
Generation and Distribution

6:30pm - 9:00pm
Research Presentations expanding on the late afternoon briefings and
allowing ample time for discussion.

Thursday, January 17
7:30am - 8:30am
Breakfast

8:30am - 9:30am A SPLIT SESSION

Session A: Mitigations for the Aurora Vulnerability (exclusively for
full-time employees of companies and government agencies in the critical
infrastructure) (Tim Roxey, Constellation Energy; Seth Bromberger,
PG&E; and Mike Assante, INL)

Tim Roxey has been the leader among US asset owners in identifying and
validating mitigations for the Aurora vulnerability highlighted on CNN.
In this briefing he provides specific mitigation strategies for both
small and large organizations. If you work in the critical
infrastructure and have an IT security or control system engineering
role, this is a very important session. Tim will be assisted by Seth
Bromberger and Mike Assante who have also played key roles in
development of mitigation strategies.

Session B: The Three Faces of Cyber Crime: who is attacking, how they
are getting in, what they are doing once they get in, and the innovative
programs that have been developed to stop them. (Alan Paller, SANS)

Regularly updated versions of this briefing have been the highest rated
presentations at every conference in which they were presented in 2007.
The insider's view you'll hear in this presentation is not available
from any other speaker outside of classified settings.

9:30am - 9:50 am
        Break

9:50am - 11:00am
We're From the Government and We're Here to Help You (Cheri McGuire, US
Department of Homeland Security; Hank Kenchington, US Department of
Energy; Ciaran Osborn, UK Centre for the Protection of National
Infrastructure; Keith Stouffer, US National Institute of Standards and
Technology)

Governments have spent hundreds of millions of dollars on cyber security
and have many products to show for their investments. In this panel
leaders of the US and UK government cyber security efforts will show you
what they have accomplished and point you to specific resources and
tools that are of particular value to control system asset owners in the
critical infrastructure. As part of this session, Keith Stouffer will
also share information and answer questions about NIST's new
publication, 800-82, that he helped author, called "Guide To Industrial
Control System (ICS) Security."

11:00am - 12:00noon
The Revolution in the CIP Standards for Control Systems Security In
Electric Utilities: FERC's new mandate and how best to navigate the
changing landscape (Tim Roxey, Constellation Energy; plus a consultant
who implements CIP security for public utilities, and a representative
from NERC has been invited)

The CIP standards, under intense Congressional scrutiny in the fall of
2007, have come up short, having been characterized as "inadequate for
protecting critical national infrastructure" by a NIST-commissioned
technical review. Now (on December 11, 2007) FERC has changed the
rules. This session will help you understand what went wrong
originally, what FERC has done, and how best to meet the new
requirement so that you actually protect your systems.

12:00pm - 1:15pm
Lunch

1:15 pm - 2:15 pm
The Updated Control System Procurement Standards: How to buy control
systems with security baked in. (Mike Assante, INL; Will Pelgrin, New
York State; Ciaran Osborn, UK CPNI)

Utilities all over the world have adopted part or all of the new control
system security procurement standards sponsored by the Department of
Homeland Security and developed by Idaho National Laboratory. In this
session you'll hear about the five new categories that have been added:
Remote Access (Dial-up Modems; Dedicated Line and Dial-up Modems; TCP/IP;
Web-based Interfaces; Virtual Private Networks; Serial Communication
Security); Physical Security (Physical Access; Physical Perimeter
Access; Manual Override Control; Intra-perimeter Communications);
Network Partitioning (Network Devices; Network Architecture); and
Wireless Technologies (Bluetooth; Microwave and Satellite; 802.11;
ZigBee). They'll also discuss advances in worldwide adoption,
especially in Europe, and the directions the standards will take in the
future.

2:15pm - 3:15pm
How To Upgrade The Security Of The Control Systems You Already Own? (Joe
Bucciero, KEMA; Paul Skare, Siemens, and one other control system vendor
to be named)

In this session the largest control system integrator joins with leading
vendors to show how you can use tools and techniques available today to
implement the security improvements detailed in the SCADA procurement
standards. They'll share the innovations they have added to their
product lines and answer questions about what is and is not possible
today.

3:15pm - 3:30pm
Break

3:30pm - 4:30pm
Selling Security to Top Management and to Public Utility Commissions and
the SCADA Security Survival Kit (The Conference Faculty and a Public
Utility Commission manager)

This session involves a large amount of audience interaction in an
attempt to answer two of the more difficult questions facing utility
managers interested in improved cyber security. It looks first at the
work that has been done, particularly by the Australian government, in
how to gain top management support for cyber security improvements.
Then it turns to the tougher question of how to get the Public Utility
Commissions to include security in the rate base so that security costs
can be recovered. Finally the session closes with a review of the
contents of the SCADA Security Survival Kit.

Register now at http://www.sans.org/scada08_summit
*************************************************************************
The Editorial Board of SANS NewsBites

Eugene Schultz, Ph.D., CISM, CISSP is CTO of High Tower Software and the
author/co-author of books on Unix security, Internet security, Windows
NT/2000 security, incident response, and intrusion detection and
prevention. He was also the co-founder and original project manager of
the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in
computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves
as President of the SANS Technology Institute, a post graduate level IT
Security College, www.sans.edu.

Johannes Ullrich is Chief Technology Officer of the Internet Storm
Center.

Howard A. Schmidt served as CSO for Microsoft and eBay and as Vice-Chair
of the President's Critical Infrastructure Protection Board.

Ed Skoudis is co-founder of Intelguardians, a security research and
consulting firm, and author and lead instructor of the SANS Hacker
Exploits and Incident Handling course.

Tom Liston is a Senior Security Consultant and Malware Analyst for
Intelguardians, a handler for the SANS Institute's Internet Storm
Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS
Institute. He has written five books, including Insider Threat and he
is a senior Lockheed Martin Fellow.

Bruce Schneier has authored eight books -- including BEYOND FEAR and
SECRETS AND LIES -- and dozens of articles and academic papers. Schneier
has regularly appeared on television and radio, has testified before
Congress, and is a frequent writer and lecturer on issues surrounding
security and privacy.

Mason Brown is one of a very small number of people in the information
security field who have held a top management position in a Fortune 50
company (Alcoa). He is leading SANS' global initiative to improve
application security.

Marcus J. Ranum built the first firewall for the White House and is
widely recognized as a security products designer and industry
innovator.

Mark Weatherford, CISSP, CISM, is the Chief Information Security Officer
for the State of Colorado.

Alan Paller is director of research at the SANS Institute

Clint Kreitner is the founding President and CEO of The Center for
Internet Security.

Rohit Dhamankar is the Lead Security Architect at TippingPoint, a
division of 3Com, and authors the critical vulnerabilities section of
the weekly SANS Institute's RISK newsletter and is the project manager
for the SANS Top20 2005 and the Top 20 Quarterly updates.

Koon Yaw Tan is Assistant Director at Monetary Authority of Singapore
(MAS) and a handler for the SANS Institute's Internet Storm Center.

Gal Shpantzer is a trusted advisor to several successful IT outsourcing
companies and was involved in multiple SANS projects, such as the
E-Warfare course and the Business Continuity Step-by-Step Guide.

Brian Honan is an independent security consultant based in Dublin,
Ireland.

Roland Grefer is an independent consultant based in Clearwater, Florida.

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFHXxkF+LUG5KFpTkYRAvn2AJ91nXQ5xt8p0huie4/LLS8/GsXdCQCfXMnX
jX0pJQtBcr6zdWKMl0qfwfI=
=3UtU
-----END PGP SIGNATURE-----