Monday, July 1, 2013

Super Cyber Security Reading: 2Q ICS-CERT Monitor

Unfortunately, the Energy Sector wins this competition over last 12 months

There are few publications you can read that will tell you more about the current state of cyber awareness and attacks on critical infrastructure orgs and systems than this than the Monitor.


Before we go much further, laypersons, get ready for some advanced acronym unpacking.

Published quarterly by the US Department of Homeland Security (DHS), the Industrial Control Systems (ICS) Computer Emergency Response Team (CERT), this 15 page document gives you the latest findings and trends.

There's a lot of goodness is the 2Q issues, but I'm going to show you just a couple paragraphs and call out some key words in bold that'll give you a feel for the overall messages it contains.  Let's see how this works:
Most recently, ICS-CERT has assisted critical infrastructure entities in the energy and critical manufacturing sectors with response to cyber intrusion attempts and compromises related to an emerging cyber threat actor. These incidents have involved common exploitation techniques and readily available tools that have been deployed successfully against many companies to compromise networks.
OK, so far so good. You can see that attackers are succeeding without having to work too hard. Now this with a bit more in bold:
In the first half of fiscal year 2013, ICS-CERT has deployed five (5) onsite teams compared to six (6) in all of fiscal year 2012. Three of the onsites were in the energy sector and two were in the critical manufacturing sector. All of the onsite incident response engagements involved sophisticated threat actors who had successfully compromised and gained access to business networks
While onsite, ICS-CERT analysts examined networks and artifacts to determine if ICS networks were also compromised. Unfortunately, in many cases that analysis was inconclusive because of limited or non-existent logging and forensics data from the ICS network
While cyber security threats to ICS and other systems can feel overwhelming at times, it's important to note that utilities and other user organizations can do a lot to improve their posture, without either breaking the bank or having to hire dozens of Einsteins. ICS-CERT is a great resource, one that I'd hope you can use as much as possible, proactively vs. reactively.

--------------------------

URL for Monitor report

http://ics-cert.us-cert.gov/sites/default/files/ICS-CERT_Monitor_April-June2013.pdf

1 comment:

Jess Holmes said...

These are some great findings, thanks for sharing with your readers. I've been looking into network security architecture, but unfortunately a lot of the concepts go right over my head. I'm thinking it's a better idea to hire a company with the know-how and experience to handle the network.