Browse archive

Latest news

Microsoft to pay up to 150k for vulnerabilities

(IN)SECURE Magazine issue 38 released

Collected data helped foil 50 terrorist plots, says NSA chief

65+ websites compromised to deliver malvertising

Customized spam uses cell phone users’ data against them

Facebook once again accessible via Tor

Oracle releases critical security updates for Java

Employees biggest IT threat to businesses

Google asks secret court permission to publish FISA numbers

How to detect hidden administrator apps on Android

Hacking charge stations for electric cars

Top five hurdles to security and compliance in industrial control systems

by Jacob Kitchel - Sr. Manager of Security and Compliance Industrial Defender - Thursday, January 24, 2013.

Operators do have other options for addressing this challenge. There are technologies and solutions available on the market today that enable operators to automate all of their data collections processes safely, securely and effectively. By embracing a fully automated approach to data collection, operators can safely meet their data collection and reporting requirements, while also alleviating many hours of manual work and human error.

It should be noted that automating data collection is not the same as “network scanning.” Automated data collection utilizes built-in, administrative capabilities in the cyber assets and can be performed in a controlled manner, which utilizes very little overhead on the cyber assets. “Network scanning” is associated with network-based port scanning, which when not done carefully, can affect cyber asset availability in some cases.

3. Dirty Data – Often times, raw output from tools used to collect security and compliance data is all-encompassing and complete. That’s the good news. The bad news is that it usually includes data that requires analysis by the asset owner in order to make determinations of security or compliance state. When raw output is treated as analyzed output, asset owners get an inaccurate picture of the security and compliance state of their assets.

For example, in the upcoming NERC CIP-010-5, asset owners are required to create a baseline of each cyber asset, which includes several categories of information, one of which is “logical accessible network ports.” If an asset owner utilizes raw “netstat” output as a final source of data for compliance, there will potentially be many additional records of data that do not apply, such as records for local host-only services, which are not available as “logical accessible network ports.”

4. Inability to Detect Anomalous Behavior – Zero-day attacks can be devastating to automation systems. They are exploit system vulnerabilities that are unknown at the time of the attack, so there is no patch or fix at the ready, and great damage can often result.

One of the most effective ways to protect against these types of attacks is for operators to continually monitor their networks to develop a baseline of normal activity. This baseline is a reference point that can help operators quickly identify the anomalous, attack-related activity they need to guard against.