Kaspersky Lab has launched a new global computer emergency response team (CERT) focusing on industrial control systems (ICS).
Through the Kaspersky Lab ICS-CERT, the security firm wants to share its knowledge and experience in securing industrial systems and coordinate the exchange of information between stakeholders.
Officially launched last month, the new initiative aims to provide information on the latest threats, vulnerabilities, security incidents, mitigation strategies, incident response, compliance and investigations. Since it’s a non-commercial project, the Kaspersky Lab ICS-CERT will offer information and services free of charge.
Kaspersky has invited ICS product vendors, government agencies, critical infrastructure operators, and other types of entities to join its initiative.
The services offered by the company through its ICS-CERT can help organizations determine if they are compliant with state and industry regulations, learn about vulnerabilities in the software and hardware components they use, conduct a general assessment of their ICS network, perform penetration testing, and analyze malicious files and artifacts collected following an attack.
The Kaspersky Lab ICS-CERT website also shares vendor advisories, media coverage focusing on ICS-related incidents, and information on how and where the latest ICS attacks took place.
“Today’s approach to cybersecurity highlights the importance of accumulating intelligence on the latest threats, in order to develop protection technologies. This is especially true for industrial infrastructure, which has specific threats, highly customized hardware and software, and strict requirements for reliability,” said Andrey Doukhvalov, head of future technologies and chief security architect at Kaspersky.
“As a security vendor, we have years of experience analyzing threats and helping industrial operators with threat prevention and detection, incident response, staff training, and the prediction of future attack vectors. We are confident that sharing intelligence, or, in a broader way, exchanging knowledge between vendors and operators, is an important step towards more secure critical infrastructure,” Doukhvalov added. “By establishing ICS-CERT we are expanding the availability of the industry’s expertise in a way that no other private security vendor has done before.”
Siemens Fixes Vulnerabilities in SIMATIC, License Manager Products
(SecurityWeek) - Siemens has released software updates to address several vulnerabilities in its SIMATIC and Automation License Manager (ALM) products. According to advisories published last week by both ICS-CERT and Siemens, the ALM, which allows customers to centrally manage licenses for their Siemens products, is affected by three vulnerabilities. The security holes, including one rated high severity and one rated critical, were reported to the vendor by researchers from Kaspersky Lab’s critical infrastructure team. The critical vulnerability, tracked as CVE-2016-8565, is a
Live Demo: Destructive Cyber Attack on “Air-gapped” Systems
By: Joe Weiss
All too often, people claim their systems are air-gapped, and therefore have no cyber vulnerability. But Alternating Current (AC) power cords cross the ostensible “air gap”, and power supplies for laptops, servers, ICSs, etc. have rarely been addressed for cyber security vulnerabilities. On October 26, Alex McEachern from Power Standards Laboratory will provide a hands-on demonstration of two types of attack-to-failure of a real, air-gapped ICS at SecurityWeek's 2016 ICS Cyber Security Conference. McEachern’s demonstration will remotely cyber attack and
Demo: Hacking a Protective Relay and Taking Control – the Grid is at Risk
By: Joe Weiss
Protective relays are critical to the operation of the electric grid and the protection of large electric equipment in many industries including electric, nuclear, manufacturing, etc. Protective relays were originally electro-mechanical switches but have progressed to complex networked digital devices with enormous computing capabilities making them intelligent electronic devices (IEDs). Consequently, IEDs are now cyber vulnerable from both IT network and control system issues. In March 2007, the Idaho National Laboratory (INL) demonstrated the Aurora vulnerability by using
Control Systems Don’t Have to be Industrial
Control Systems are Used in Applications Beyond Just Industrial Control and Automation
By: Joe Weiss
Control systems are used to monitor and control physical processes. Measured variables include pressure, temperature, level, flow, voltage, current, resistance, power, weight (mass), speed, distance, direction, chemical composition, strain, size, color, radiation, etc. Control systems compare the measured variables to a setpoint. For example, a control system can check the temperature to see if it is too high or too low and automatically adjust conditions so the temperature returns
Inside the CRIT-EX 16.2 Cyberattack Readiness Exercise
We are pleased to add the following talk to the agenda of SecurityWeek's 2016 ICS Cyber Security Conference. (Conference registration is still available - with registrations up more than 100% for 2016, we encourage you to register now to reserve a spot)
Cyber Stone Soup: Complex Training for Cyber Exercises
This presentation will cover the importance of training cybersecurity for industrial control systems in a complex environment. While using lessons learned as examples, the presenter will provide a roadmap to plan and execute
Dragos Raises $1.2 Million to Counter ICS Cyber Threats
(SecurityWeek) - Dragos, a startup focused on protecting industrial control systems (ICS) from cyber threats, has raised $1.2 million from startup studio DataTribe. Founded by a small group of former NSA intelligence officers with experience in ICS security, Dragos offers a network asset discovery and visualization tool called CyberLens. The tool was developed specifically for control systems environments, which often require deep packet inspection through passive network scanning or data collection. However, CyberLens will not be the primary focus of the company as it
ICS Components Are Increasingly Vulnerable and Web Accessible: Report
Over the past few years, industrial control systems (ICS) components have proven to be increasingly vulnerable and more frequently accessible from the Internet, which significantly amplifies the risk they are exposed to, Kaspersky Lab researchers warn. According to numbers from Kaspersky, 189 vulnerabilities were discovered in ICS components last year, a ten-fold increase compared to 2010, when only 19 were published. Sophisticated attacks on ICS are on the rise as well, such as the Ivano-Frankivsk, Ukraine, incident last year, just one of the multiple attacks that
Unpatched Flaws Found in Sierra Wireless Industrial Gateways
A researcher has discovered several vulnerabilities in Sierra Wireless industrial gateways, but the vendor will not address the issues because the products are approaching end of life. Security researcher Karn Ganeshen reported recently that Sierra Wireless AirLink Raven XE and XT modems are affected by several flaws. One of the issues is related to the existence of a default account that allows an attacker with access to the network to log in to the device’s web administration interface.
Vulnerabilities Found in Siemens SICAM PAS Power Automation System
(SecurityWeek) - Researchers have discovered two vulnerabilities in Siemens’ SICAM Power Automation System (PAS). The vendor has patched one of the flaws and is currently working on addressing the other one. SICAM PAS is an automation system used by energy companies worldwide to operate electrical substations. The Windows-based software product is advertised as scalable, flexible, easy to operate and cost-efficient.