ISSSource White Papers

Posts Tagged ‘data collection’

Wednesday, October 10, 2012 @ 06:10 PM gHale

WellinTech created a patch that mitigates the vulnerability in the default credential hole in its KingView application.

The vulnerability, discovered by Dr. Wesley McGrew of Mississippi State University, has known exploits that target it, according to a report on ICS-CERT.

Mitigation, Update for PLC Hole
Sielco Sistemi Overwrite Vulnerability
Hotfix for DeltaV Vulnerability
Optimalog Closes Optima PLC Hole

The vulnerability affects KingView 6.5.3 and previous verisons. A successful exploit of this vulnerability will allow an attacker complete access of the targeted system.

WellinTech is a software development company specializing in automation and control based in Beijing, China, with branches in the United States, Japan, Singapore, Europe, and Taiwan.

According to the WellinTech Web site, the KingView product is a Windows-based control, monitoring, and data collection application deployed across several industries, including power, water, building automation, mining, and other sectors.

KingView does not securely store user credentials. An attacker can decrypt the file containing usernames and passwords with a simple mathematical algorithm. CVE-2012-4899 is the number assigned to this vulnerability, which has a CVSS v2 base score of 6.8.

An attacker needs to be able to access the system where the files reside to exploit this vulnerability.

WellinTech created a patch that fixes this vulnerability by increasing the complexity of the algorithm used to encrypt the passwords and usernames. Click here to download a copy of the patch.

Monday, July 16, 2012 @ 04:07 PM gHale

Data collection from North American utilities is way off the chart, but the next big quest is to find out what to do with it.

Utility data collection from smart meters is up 18,000 percent, according to a survey from Oracle. The survey of 151 North American utility executives revealed a disconnect between data collection and putting that data to use.

For instance, while 78 percent of respondents said their utilities were collecting outage detection data from their smart meters, only 59 percent were actually using it for business processes and decision-making as of April 2012, when they conducted the survey.

Similar gaps were in voltage data (73 percent collecting it vs. 57 percent using it), tamper detection data (63 percent collecting it vs. 47 percent using it), and diagnostic data (56 percent collecting it and only 33 percent using it).

Smart Grid Needs to get Smarter
Protecting Data a Must for Firms
Security Discord between CEO, CISO
Smart Grid Needs More Security

The results underscore the varied levels of advancement in the North American Advanced Metering Infrastructure (AMI) market. About 22 percent of respondents deployed smart meters to fewer than one-quarter of their customers, for example — a category that could include utilities that haven’t gone past the pilot project phase. But 65 percent of respondents have rolled out smart meters to three-quarters or more of their customers.

Generally, the more advanced the deployment, the farther along utilities have actually put the data they collected to use, said Linda Jackman, group vice president for Oracle’s utilities global business unit. That means some of the gap between collecting and using data could be utilities that just haven’t had the time to get to it yet.

Still, there’s plenty of room for improvement in smart meter data management, according to the survey. One finding shows the low number of utilities that have implemented meter data management software to handle their smart meters. Only 46 percent of respondents said their utilities have Meter Data Management (MDM) in place.

Jackman said those that don’t have an MDM are probably either dropping their data straight into Excel files — something an early-stage pilot project might do — or using their existing customer information system (CIS) billing systems.

That’s OK for billing, but not too much use for putting smart meter data to work for such things as outage detection, power quality sensing, conservation voltage reduction and other grid operations features, she said. Indeed, about 70 percent of utilities with an MDM in place reported themselves well-prepared to manage the smart meter data challenge, versus 51 percent without MDM that said they were well-prepared.

Tuesday, August 3, 2010 @ 02:08 PM gHale

From energy systems that power our neighborhoods, to transportation networks that move us around our communities and the country, to facilities that provide our families with safe drinking water, critical infrastructure and key resources (CIKR) impacts nearly every aspect of our daily lives.
CIKR is the umbrella covering the assets of the United States essential to the nation’s security, public health and safety, and economic vitality. CIKR covers 18 separate sectors, as diverse as agriculture and food, emergency services, and cyber networks.
Because this critical infrastructure provides the U.S. with enormous benefits, services, and opportunities on which we rely, the Department of Homeland Security (DHS) understands the risks posed to CIKR. DHS knows these threats can have serious effects, such as cutting populations off from clean water, power, transportation, or emergency supplies.
DHS oversees programs and resources that foster public-private partnerships, enhance protective programs, and build national resiliency to withstand natural disasters and terrorist threats. Key activities in those areas include:
• Assessing vulnerabilities, implementing protective programs, and improving security protocols
• Enhancing preparedness through training and exercises
• Assisting with contingency planning, response, and recovery
• Implementing real-time information sharing
• Implementing cyber security measures
• Assisting with infrastructure data collection and management
• Implementing regulations for high-risk chemical facilities
• Developing standards for federal building security
To find out more, click on critical infrastructure and key resources.

Tuesday, June 29, 2010 @ 10:06 AM gHale

It is now all about the integration as Honeywell completed the $139 million (C$144 million) deal for Edmonton, Canada-based solution provider Matrikon.
Matrikon will now work with Honeywell to integrate into the Advanced Solutions business of Honeywell Process Solutions (HPS) unit, a business within Honeywell’s Automation and Control Solutions group.
Matrikon’s open connectivity in process control business, MatrikonOPC, will operate as a separate business entity within HPS.
“The Matrikon brands are outstanding additions to our technology portfolio,” said Norm Gilsdorf, president of HPS. “Combining our experienced teams and products will enable us to create stronger, enterprise-wide solutions that improve business performance for respective customers.”
Matrikon specializes in technology to manage production, optimize operations and monitor assets at industrial plants including oil and gas, refining, energy, power and mining companies.
Matrikon and HPS make products that complement each other, especially in asset management, production management, operations optimization, plant cyber security and data collection and visualization. Honeywell said they continue to support MatrikonOPC’s commitment to vendor neutral open connectivity in process control (OPC).
“With the breadth and reach of Honeywell, we expect the Matrikon technology will continue to evolve more broadly to support our goal of creating technology that drives industrial performance,” said Nizar J. Somji, president and chief executive of Matrikon.

Archived Entries