Monday, September 30, 2013

Cyber Security: ICS-CERT Vulnerability Summary for Week of September 23

Click the link below to view the summary of cyber security vulnerabilities for the week of September 23 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB13-273


Thursday, September 26, 2013

Cyber Security: Internet security level raised to "yellow" after IE attacks

The Internet Storm Center has raised the internet security level to "yellow," indicating that a "significant new threat" is exploiting an "unpatched vulnerability in all versions of Microsoft's Internet Explorer (IE) browser." Click here to read the article.



Tuesday, September 24, 2013

Cyber Security: iPhone 5S fingerprint scanner already hacked

A European hacker group has been able to hack the new iPhone 5S's security feature by using a photographed fingerprint taped to latex. Read more here.

Friday, September 20, 2013

Cyber Security: The Global Cyber Advisor Newsletter - August 2013 Vol. 23

Welcome to the latest Global Cyber Advisor Newsletter.

Continuously Secure: Invensys continues to prove to the industry that we stay vigilant and help our customers develop their Cyber Strategies and secure their process environments. We have staff to help our clients on a global basis to assess, design, implement and manage their Cyber posture. Invensys has developed suites of products with complementary consulting, which are unmatched in the industry.

This month’s Consultant’s Corner is from Charles Smith, where he discusses patch management and "Keeping the Holes Plugged."

The Invensys Critical Infrastructure and Security Practice has the skills and the resources to help our clients no matter what industry. We are structured to help with their entire Cyber Security program. We have essentially the industry’s largest vendor-based Cyber Security team, which helps our clients secure their entire process environment. We understand that Cyber Security extends beyond a single system and that our valued clients need assistance and advice on how to secure their entire plant infrastructure. Cyber security is so much more than firewalls and anti-virus software.

If you’ve missed our previous editions, you can find them at this location: http://iom.invensys.com/EN/Pages/CyberSecurity-Newsletters.aspx

Click here to open the August 2013 newsletter.
 


Thursday, September 19, 2013

Cyber Security: Teenager arrested for online scams worth over $50,000/month

A 19-year-old Argentinian man was arrested "on suspicion of running an elaborate cyber-fraud network stealing $600,000 a year" by intercepting online money transfers. Click here to read more.

Wednesday, September 18, 2013

Cyber Security: How to prepare, prevent, detect, and respond to "malicious insiders"

Every year, almost 50% of companies who respond to surveys from Carnegie Mellon University's Software Engineering Institute admit they suffered from "at least one data-security breach by an insider in the previous year." Learn how to prepare, prevent, detect, and respond to cyber security breaches performed by insiders. Click here for the article.

Tuesday, September 17, 2013

Cyber Security: Nasdaq website hacked in 10 minutes

Although a cyber security expert warned Nasdaq.com repeatedly that "hackers could steal users' browser history and cookies or perform phishing attacks to steal confidential data," he claims nothing was done about it. "I discovered these vulnerabilities in just 10 minutes with a Firefox browser without any special tools or software."

Click here to read the article.

Monday, September 16, 2013

Cyber Security: ICS-CERT Vulnerability Summary for Week of September 9

Click the link below to view the summary of cyber security vulnerabilities for the week of September 9 as collected and reported by ICS-CERT.

http://www.us-cert.gov/ncas/bulletins/SB13-259


Friday, September 13, 2013

Cyber Security: Invensys Cyber Security Conference, October 3, 2013 in The Netherlands

Invensys Cyber Security Conference

Thursday, October 3, 2013

Fortress St. Gertrudis, The Netherlands


Cyber Crime is considered a simple and low-cost crime with a low conviction rate, though the results can be as damaging as physical crime, especially when governmental agencies come into play (e.g. Stuxnet and Shamoon). Cyber Crime is becoming more relevant to your company’s management team, so in order to support you in protecting your production processes, Invensys has organized a Cyber Security Conference. This will provide you with meaningful information to take back to your management team and start securing the most valuable assets of your company: production assets and the image of your company.

Learn:
  • how to implement a Cyber Secure architecture
  • how to create a Cyber Security plan
  • how other companies are adopting their IT Security strategies

Participate in discussions with peers from your industry.
Address your security concerns to the Cyber Security Panel.
Enjoy the hospitality and the scenery of a fortress from the 18th century.

Click here to view the agenda and register.

Thursday, September 12, 2013

Cyber Security: Cyber Protection for Safety Systems


Michael Martinez, Principal Consultant for Invensys Critical Infrastructure and Security Practice (CISP), addresses Invensys users about Cyber Security solutions at the Foxboro and Triconex Global Client Conference in San Antonio on September 11, 2013. Click here for the article.

Cyber Security: Computers linked to large cybercrime operation seized

Computers associated with a Metro Vancouver company were seized as part of an effort to take down a botnet called Citadel, malware that targets financial institutions and is responsible for over $500 million in damages. Read more here.

Wednesday, September 11, 2013

Cyber Security: Is privacy an illusion?

In the wake of the NSA encryption revelation, does privacy online really exist? Read this article to learn what types of cryptography the NSA has hacked and what you can do to keep a basic level of privacy online.

Tuesday, September 10, 2013

Cyber Security: Invensys to unveil new Foxboro DCS at Global Client Conference this week

Invensys will unveil the new Foxboro DCS this week at the Global Client Conference in San Antonio. The new DCS features will include:
  • Engineering Suite
  • Operations Suite
  • Maintenance Suite
  • Applications
  • Integrated yet separate control and Safety ACM II
  • Controllers CP280
  • High Density I/O

Future-ready: applications that provide unique insight and context for smarter operations and profitable opportunities

Future-proof: proven, bullet-proof integrated control and safety platform designed to protect our clients against operational risk and remain flexible

Preview the new system in Control Global magazine's exclusive article.


Cyber Security: Big Brother is watching you

"Encryption techniques used by online banks, email providers, and many other sensitive Internet services to keep your personal data private and secure are no match for the National Security Agency and British surveillance authorities..." Read the article here.

Friday, September 6, 2013

Cyber Security: How prepared are you for a cyber attack?

Read this article for tips on how to prepare for possible cyber attacks on power plants that could leave you and your family without power. Learn what you should have in your disaster kit and how to coordinate plans with family members in case of an emergency.

Thursday, September 5, 2013

Cyber Security: Network Switch Security--Protecting Layer 2

Stephen Santee, consultant for Invensys Critical Infrastructure & Security Practice, discusses how to configure network switch security to eliminate the possibility of compromise.

Network Switch Security—Protecting Layer 2

Network switches in a Distributed Control System (DCS) network play a vital role interconnecting digital assets that comprise a DCS network. Network switches not only interconnect devices in redundant and mesh networks, but also decide alternate communications paths and control much of the information flowing across the network. The DCS would not function properly or would be at risk if the network switch were to be compromised by an intruder.

Configuring network switch security not only helps eliminate the possibility of compromise, but proper settings can help minimize unwanted network traffic caused by a failing network device.

Network switch security should address the following:

Access Control
  1. Physical Access – Place switches in locked cabinets or controlled areas while password protecting console access.
  2. Logical Access – Manage the switches on a management network rather than the DCS network.
  3. Role-Based Access – Similar to access on a DCS; not all users require administrative rights to the switch.
Patch Management
  1. Test Software Patches – Test patches to ensure security is not degraded due to a software upgrade.
  2. Deploy Software Patches – Vendors provide software patches to address flaws in their software that could lead to a compromise.
Configuration Control
  1. Create a repeatable checklist to provide for configuration continuity.
  2. Disable ports, use port security, and configure enhanced security features.
Monitoring
  1. Set up logging on the network switch to aid in detecting malicious activity.
  2. Ensure logging provides detailed information that can assist in after-the-fact investigations.

Protecting network switches from compromise will help ensure that the DCS is able to perform as expected. A secure network switch will help provide high availability and the self-healing network performance that is expected out of DCS networks. In support of continuous cyber security, the Invensys Critical Infrastructure and Security Practice (CISP) team can perform assessments and configuration hardening on network switches.
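
One way to turn the checklist above into a repeatable check is to audit a saved switch configuration for console login, role-based access, disabled or port-secured interfaces, and remote logging. This is an added example, not part of the original article; it assumes Cisco IOS-style configuration syntax (the article names no vendor), and the sample configuration is constructed.

```python
# Added example: audit a saved switch config against the checklist above.
# Assumes Cisco IOS-style syntax; SAMPLE_CONFIG is constructed, not from a real device.
import re

SAMPLE_CONFIG = """\
hostname dcs-sw1
username operator privilege 1 secret 5 <hash>
username admin privilege 15 secret 5 <hash>
logging host 192.0.2.10
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/3
 shutdown
line con 0
 login local
"""

def parse_sections(text):
    """Map each top-level line to the list of indented lines beneath it."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("!"):
            continue  # skip blank lines and IOS comment separators
        if line[0].isspace():
            if current is not None:
                sections[current].append(line.strip())
        else:
            current = line.strip()
            sections[current] = []
    return sections

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    sec, findings = parse_sections(text), []
    for name, body in sec.items():
        guarded = {"shutdown", "switchport port-security", "switchport mode trunk"}
        if name.startswith("interface ") and not guarded & set(body):
            findings.append(f"{name}: enabled without port security")
        if name.startswith("line con") and not any(l.startswith("login") for l in body):
            findings.append(f"{name}: console access not password protected")
    users = [n for n in sec if n.startswith("username ")]
    if users and all(" privilege 15" in u for u in users):
        findings.append("all local users have administrative rights")
    if not any(re.match(r"logging (host )?\d", n) for n in sec):
        findings.append("no remote logging destination configured")
    return findings
```

Trunk ports are skipped by the port-security check, and routed or VLAN interfaces would need their own rule; extend `guarded` to match the site's port roles.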

  

Monday, September 2, 2013

Cyber Security: Managed Security Services

A comprehensive MSS package offered by Invensys and Integralis helps enforce industry best practices and prevents security breaches by providing system availability checks, alert management, 24/7 monitoring, and more. Click here to read more.