Cyber Security: ICS-CERT Vulnerability Summary for Week of December 23

Click the link below to view the summary of cyber security vulnerabilities for the week of December 23 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB13-364

Cyber Security: Effective Backups

Gary Kneeland, consultant for Invensys Critical Infrastructure & Security Practice, offers tips for effective backups.

Minimize Downtime Through Effective Backups

Modern organizations put more and more emphasis on using computer solutions for day-to-day problems. Whether it is payroll, operating door controllers, or controlling turbine assemblies, all these systems rely on computer systems that have been configured to work in their specific environment. Because of these configuration differences, replacing one of these systems in the event of a failure is not as simple as buying a new one off the shelf. Reproducing a configuration of a system without good backups can take huge amounts of time, and also introduce errors into the system that were not originally there. In some cases, the time lost while these systems are being replaced can shut down a production line or power plant for extended periods of time, costing companies millions of dollars. All of these reasons and more are why effective backups are important for any computer system in an industrial environment.

Keep it simple

The first requirement for effective backups is to make them as simple as possible to execute. If the backup procedure for a system requires a technician to go to the machine, plug in a laptop, and manually execute a backup that takes 4 hours to complete, this not only wastes time, but could lead to human errors while performing the backup activities. There are many software suites available now that will automatically perform backups of other systems, either locally or to network drives, and are highly customizable in how these backups are performed. Using one of these software suites to automate the backup process can make them easier and more reliable.

Determine the frequency and types of backups to occur

The second requirement for effective backups is to identify what frequency backups need to occur at and what types of backups need to occur. To evaluate how often backups need to occur, you must first know how often changes are occurring on a system. A controller for an emergency fire protection system may not be used often, and backups every month or every quarter is sufficient; however, for a payroll system that is being changed on a daily basis, incremental backups every day would be more appropriate. Determining the frequency of backups will assure that backups are current and usable, but keep resource usage at a minimum and keep costs down.

Store backup files offsite

The third requirement for effective backups is to have offsite storage locations for the backup files. If a company has up-to-date backups, but they are all in the same building as the servers when a flood or fire occurs, they are of no use. Because most backup software solutions allow network backups, consider other locations on the company’s WAN that can house the backups more safely. Storing backups at a corporate location that is offsite from your industrial complex can save a company when large scale disasters strike, such as flood and fire.

Use a test system to ensure smooth recovery

Finally, once a company has backups created for their systems, they must test that they can actually recover from these backups. Using a test system to attempt and recover from these backups can ensure that when the time comes to use system backups, it goes smoothly. Creating and testing a disaster recovery plan can help make recovery as smooth and painless as possible, and with the help of good backups, can prevent extended downtime to a company’s critical infrastructure.

Cyber Security: Hackers make covert networks with sound

Hackers and spies have a slew of ways to pull data from your computer, but not if it's disconnected from the Internet. Click here to read the article.

Cyber Security: No Christmas fun for IT as they admit to losing the cyber-warfare battle

RedSeal Networks , the leader in network infrastructure security management, announced the results of a survey that was conducted amongst 350 IT professionals from a range of companies across the United Kingdom. Click here to read the article.

Cyber Security: Cyber attack dodges sandbox to hit Adobe Reader, Windows XP

A technical analysis shows that a cyber-attack currently hitting systems in the wild is using two separate vulnerabilities to break out of the Adobe sandbox to infect Windows systems. Click here to read the article.

Cyber Security: Data stolen from 104,000 energy employees was more sensitive than first thought

Hackers that breached an Energy Department personnel database in July got away with more sensitive data than first disclosed by the government, including some banking information and password security questions of the 104,179 individuals affected, according to internal investigators. Click here for the article.

Cyber Security: Bogus antivirus program uses a dozen stolen signing certificates

A fake antivirus program is using at least a dozen stolen code-signing certificates, indicating hackers are regularly breaching the networks of developers. Click here to read the article.

Cyber Security: ICS-CERT Vulnerability Summary for Week of December 9

Click the link below to view the summary of cyber security vulnerabilities for the week of December 9 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB13-350

Cyber Security: Hackers steal 2M passwords to Facebook, Twitter, others

Online media reports indicate hackers have stolen usernames and passwords for nearly two million accounts on popular email and social media websites. Click here to read the article.

Cyber Security: Group charged in PayPal cyber attack pleads guilty

A group of 13 defendants who had been charged in a cyber attack on PayPal's website pleaded guilty and admitted to the December 2010 attack over PayPal's suspension of WikiLeaks accounts. Click here to read the article.

Cyber Security: State tax refund debit card data exposed to hackers

The latest issue is personal information of around 6,000 Louisiana taxpayers and another 7,000 or so in Connecticut. Click here to read more.

Cyber Security: The Global Cyber Advisor Newsletter - Nov. 2013 Vol. 26

Welcome to the latest Global Cyber Advisor Newsletter.

Continuously Secure:   Invensys continues to prove to the industry that we stay vigilant and help our customers develop their Cyber Strategies and secure their process environments.      We have staff to help our clients on a global basis to assess, design, implement and manage their Cyber posture.     Invensys has developed suites of products with complementary consulting, which are unmatched in the industry.   

This month’s Consultant’s Corner is from Stephen Santee where he discusses approaches to Cyber Security programs.

                                                                                             

The Invensys Critical Infrastructure and Security Practice has the skills and the resources to help our clients no matter what industry.    We are structured to help with their entire Cyber Security program.   We have essentially the industry’s largest vendor-based Cyber Security team that assists our clients secure their entire process environment.    We understand that Cyber Security extends beyond a single system and our valued clients need assistance and advice in how to secure their entire plant infrastructure.   Cyber security is so much more than firewalls and anti-virus software.  

If you’ve missed our previous editions, you can find them at this location:   http://iom.invensys.com/EN/Pages/CyberSecurity-Newsletters.aspx

Click here to open the November 2013 newsletter.

Cyber Security: ICS-CERT Vulnerability Summary for Week of December 2

Click the link below to view the summary of cyber security vulnerabilities for the week of December 2 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB13-343

Cyber Security: Tech giants are countering government spying

Google, Facebook, Microsoft and Twitter are engaged in a costly tech arms race, with their businesses and cultures at stake. Not against one another, mind you, but a common foe: the National Security Agency. Click here to read the article.

Cyber Security: Smart TVs, security cams now on hackers' radar: Symantec says

Besides PCs and mobile phones, internet-connected devices like smart TVs, routers and security cameras are also now vulnerable to attacks from cyber criminals, security software provider Symantec says. Click here to read the article.

Cyber Security: Energy industry is target for cyber attacks

Last year the hacker group Anonymous broke into computer systems of oil companies including Shell, Exxon Mobil and BP as a protest against Arctic drilling. Click here to read the article.

Cyber Security: Top ten Cyber Monday tips for staying safe when shopping online

Cyber Monday—the Monday after Thanksgiving—has officially replaced Black Friday—the day after Thanksgiving—as the most popular day to shop for the holidays.

 

Shopping online means avoiding the crowds, but it also opens the buyer up to attacks from scammers and hackers. In order to fight these online grinches, the Better Business Bureau of Southern Arizona recommends 10 tips for staying safe when holiday shopping online.

 

Click here to read the article.

 

 

Cyber Security: ICS-CERT Vulnerability Summary for Week of November 25

Click the link below to view the summary of cyber security vulnerabilities for the week of November 25 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB13-336