Posts Tagged ‘energy’
Tuesday, June 18, 2013 @ 04:06 PM gHale
By Gregory Hale
The industry is losing around $400 billion a year in cyber attacks.
“Cyber attacks are an area where users are under invested,” said Darius Adamcyzk, president and chief executive at Honeywell Process Solutions, during Monday’s keynote at the Honeywell Users Group (HUG) in Phoenix, AZ. “This is something I worry about every day. There needs to be more awareness. There is $400 billion lost a year due to cyber attacks.”
RELATED STORIES
Breach Discovery: 10 Hours
Security Breach Fantasy Land
Botnet Hurt, so are Researchers
P2P Botnets Keep Growing
The idea security is top of mind for Adamcyzk truly underscores the dire need for the industry to come to grips with the idea that manufacturing automation users are, for the most part, not prepared when it comes to the potential of facing and fending off a cyber attack.
“I just hope it doesn’t take a crisis for us to start spending (on security solutions),” Adamcyzk said.
Safety was also a key element to Adamcyzk’s keynote as he said Honeywell was well below the average of safety incidents in the United States, but he feared the U.S. average was going to rise in the wake of safety incidents like the explosion at the fertilizer plant in West, Texas.
“For use process safety is a given,” Adamcyzk said. “Our approach to safety is broader though: Integrated safety. All integrated in one seamless package.”
“Safety has plateaued,” he said. “My guess is it will be getting worse than better,” in the wake of the recent safety incidents. “Safety has to be job one.”
While safety and security were important elements to Adamcyzk’s talk, he also mentioned other key trends HPS is focusing on like energy, improving relationships with end users, and reiterating Honeywell is more of a full service integrator compared to a hardware provider.
When it comes to producing more energy, Adamcyzk said the U.S. is still and importer, but that trend is changing.
“From the 1980s until 2010, there has been a decline in production, but that has changed,” he said. “We are still a net importer of energy, but by 2020 we will be about even and by 2040 we will an exporter by 12 percent.”
Another area the industry is keeping a keen eye on is the aging workforce and the potential for Baby Boomers getting ready to retire and take all the knowledge out the door with them. “By 2020 workers aged 55 and older will be almost 25 percent of the workforce,” he said. That also shows great potential for automation to come in and help alleviate some of the worker crunch.
Adamcyzk also spent some time talking about the real key in the industry is about making – and keeping – relationships.
“If we can’t keep a relationship from the beginning of the lifecycle through the end, then we have absolutely failed.”
Friday, June 7, 2013 @ 03:06 PM gHale
Security services continues to move forward in consolidation mode as SilverSky acquired the managed security services division of StillSecure.
The Milford, CT-based security firm, formerly known as Perimeter E-Security, built out managed security services in recent years. The firm said the StillSecure division will add new log archiving capabilities and a web application firewall service. SilverSky has about 95 clients in the financial services, retail, healthcare, energy, critical infrastructure and manufacturing sectors with a deal size of more than $25,000, according to Forrester Research. The company said it has 6,000 customers.
RELATED STORIES
IBM gets Deeper into Cloud
Blue Coat Deals for Analytics Firm
McAfee Deals for Stonesoft
ABB Deals for Gas Analyzer Firm
In addition to bringing on about 40 people, including eight security engineers, SilverSky will also add Superior, CO-based StillSecure’s two security operation centers located in Denver and Ft. Lauderdale, FL. StillSecure has about 30 clients with a deal size of greater than $25,000, according to Forrester.
SilverSky CTO Andrew Jaquith pledged the company’s full support of current StillSecure customers and channel partners. The two StillSecure locations will increase redundancy for SilverSky’s operations, Jaquith said. Integration of back-end operations should take about six months. Merging the sales and account teams should take about 30 days.
“We’re not looking to do anything radical that would make current StillSecure customers unhappy,” Jaquith said. “We are bringing their security operations and engineering and sales resources. There will be a fair amount of continuity with the staff.”
SilverSky’s business consists of mainly direct sales, while StillSecure sales have been nearly 100 percent through the channel. SilverSky’s managed security services currently provide network monitoring, security information event management and unified threat management systems. The company can support firewall, IDS/IPS and VPN remote user access services as part of a UTM package or on an a la carte basis. SilverSky will continue to offer cloud-based email security and its Secure Cloud Exchange service for Microsoft Exchange.
SilverSky announcement is one in a wave of mergers and acquisitions in recent months associated with managed security services.
Deloitte last week acquired Vigilant, Inc., a consulting and managed services provider specializing in security monitoring and threat intelligence. The company will operate under the Vigilant by Deloitte brand. Vigilant’s customer base consists of 1,000 global clients, mainly in the financial sector. Meanwhile Chicago-based security firm Trustwave also dealt for SecureConnect, an Eden Prairie, MN-based security services provider that focused its services on providing PCI compliance and network security for clients in the hospitality industry.
Wednesday, May 22, 2013 @ 07:05 PM gHale
3S created an update for a denial-of-service (DoS) vulnerability in its CODESYS Gateway application, according to a report on ICS-CERT.
Successful exploitation of this remotely exploitable vulnerability, discovered by Nicholas Miles who has tested the update and validates that it resolves the vulnerability, could cause a DoS condition and may also allow the possibility of remote execution of arbitrary code.
RELATED STORIES
Mitsubishi ActiveX Vulnerability
TURCK Fixes Gateway Bugs
Wonderware Mitigates Server Holes
RuggedCom Updates ROS Fix
The Gateway-Server is a third-party component found in multiple control systems manufacturer’s products.
CODESYS Gateway, Version 2.3.9.27 suffers from this issue.
This product also sees use in products sold by other vendors. Control systems vendors should review their products, identify those that incorporate the affected software, and take appropriate steps to update their products and notify customers.
If exploited, an attacker could use this vulnerability to remotely cause a DoS with a system crash within the Gateway server application. Remote execution of arbitrary code may also be possible.
According to the 3S-Smart Software Solutions GmbH Web site, CODESYS sees use in virtually all sectors of the automation industry by manufacturers of industrial controllers or intelligent automation devices, by end users in many different industries, or by system integrators who offer automation solutions with CODESYS.
This vulnerability affects products primarily found in the energy, critical manufacturing, and industrial automation industries.
The vulnerability is the result of a referencing memory previously freed by the process. This condition commonly causes a system crash and may also present the possibility for execution of arbitrary code.
CVE-2013-81733 is the number assigned to this vulnerability, which has a CVSS v2 base score of 10.0.
No known public exploits specifically target this vulnerability, but an attacker with a low skill would be able to exploit this vulnerability.
3S produced a patch available for download from the 3S CODESYS Download page.
Monday, March 25, 2013 @ 10:03 AM gHale
Filling in the gap left by retiring Baby Boomers is really becoming a problem as the United States isn’t producing enough qualified workers to meet the future needs of the mining and energy sectors, from coal digging and gas drilling to solar and wind power, a new report said.
The report, released by the National Research Council, urges new partnerships to tackle the problem of retiring Boomers. That includes a retooling of higher education to produce more young people competent in science, technology, engineering and math.
RELATED STORIES
Online Security Career Portal
Summer Cyber Institute a Success
Automated Testing of SCADA Protocols
DHS, IAEA Ink Collaboration Pact
The report predicts a “bright present and future” for energy and mining jobs, with continuing demand for workers and good pay for those hired. But it said some industries already face labor shortages and others soon will because the nation’s colleges and universities aren’t cranking out graduates with the skills that growing companies need.
Federal Mine Safety and Health Administration data, for example, show 46 percent of the workforce will be eligible to retire within five years, but there are too few younger workers in the pipeline to replace them.
The oil and gas industry, meanwhile, has a workforce that’s currently concentrated at both the older and younger ends of the spectrum, the report said, “creating a gap in experience and maturity” in between and making it difficult to replace retiring leadership.
The report recommends several wide-ranging solutions, including outreach efforts to improve both the public’s understanding and perception of energy-producing industries such as oil and gas.
Negative perception driven by concern over pollution, environmental damage and health issues, it notes, “dissuades some from pursuing careers.”
It also notes universities are seeing a faculty shortage that could affect oil and gas, mining and geothermal employers.
“Unless this is corrected,” the report said, “the nation risks losing its capacity to provide new science and engineering professionals for the workforce.”
The independent, nonprofit National Research Council is the main operating agency of the National Academy of Sciences. The nearly 400-page document ended up authored by 14 experts from universities, government and the private sector.
It warns the higher education community the traditional routes to degrees “do not adequately align” with industries’ needs and notes “they are increasingly not affordable and accessible” for prospective students.
Community colleges are proving to be the best vehicle for delivering the technician-level, skills-based education the energy and mining industries need, the report said, offering programs ranging from one-year certifications to two-year associate’s degrees.
Schools and employers should form more partnerships like those, the report said, and federal agencies should consider more research funding to schools to help drive technological innovation and develop faculty.
Monday, March 18, 2013 @ 05:03 PM gHale
Almost 66 percent of organizations learn about a breach after hearing about it from an external source, a new report said.
While companies are getting better at identifying targeted attacks on their own, it takes a company, on average, 243 days before discovering an attack, during which the criminals can freely roam their networks, according to the “M-Trends 2013: Attack the Security Gap” study from security firm Mandiant.
The report focuses on advanced persistent threats (APTs) which attackers use penetrate organizations and steal sensitive information. That number, though, dropped by 173 days compared to the previous year.
RELATED STORIES
New Wave: Risk-Based Security
Survey: Database Security too Complex
Stolen Corporate Data at Highest Levels
Mobile Number Harvesting Tool
It’s interesting to note the use of outsourced service providers is also problematic for cyber security. Attackers are taking advantage of the relationship between the targeted company and outsourced business processes such as finance, accounting and HR.
To make their attacks more efficient, cybercriminals collect large quantities of data related to system administration guides, processing methodologies and network infrastructure. This allows them to navigate their victims’ networks faster.
While China always stands accused of cyber spying on the U.S., Mandiant did say the top three industries repeatedly targeted by the country are aerospace, energy and pharmaceuticals.
“We’ve seen first-hand that a sophisticated attacker can breach any network given enough time and determination,” said Grady Summers, vice president at Mandiant.
“It’s not enough for companies to ask ‘Are we secure?’ They need to be asking ‘How do we know we’re not compromised today? How would we know? What would we do about it if we were?’”
Thursday, February 28, 2013 @ 04:02 PM gHale
Three out of four security professionals lack confidence in their ability to recognize key indicators of a breach, a new survey said.
While that could be frightening news for most people that run an organization, the good news is despite the erosion of IT professionals’ overall confidence, users that did deploy next generation firewalls and security information and event management (SIEM) technologies are three-and-a-half times more confident in their ability to detect key breach indicators, according to LogRhythm’s 2nd Annual Cyber Threat Readiness Survey of 150 IT security professionals on their organizations’ readiness to address advanced cyber security threats.
RELATED STORIES
New Plan to Secure Trade Secrets
Sanctions for Online Espionage
APT Group China Based
Security Checklist for CEOs
Respondents surveyed represented companies across many industries, including financial services, federal government, healthcare, manufacturing, retail, utilities, education, communications and energy.
Other findings:
• 18 percent are confident they’ll know when a host gets compromised (Down 11 percent compared to 2012)
• 17 percent are confident they’ll know when a user’s credentials get compromised (Down 4 percent)
• 24 percent are confident in their ability to identify internal anomalous activity (Unchanged)
• 20 percent are confident in their ability to detect rogue processes (Down 1 percent)
• 19 percent are confident in their ability to recognize abnormal behavior patterns (Down 3 percent).
Click here to download the survey.
Tuesday, February 5, 2013 @ 02:02 PM gHale
By Gregory Hale
Tridium Niagara is dealing with an unpatched Zero Day that two security researchers found and demonstrated live at the Kaspersky Security Analyst Summit (SAS) Tuesday.
While a patch is imminent, the researchers, Billy Rios and Terry McCorkle of Cylance, did not go into the technical details of the flaw, other than to say they were able to get root access to the device. The key, they said at the SAS in Puerto Rico, was gaining a way to access the file that contains configuration files for the device. After that, the researchers, who between them have reported over 1000 vulnerabilities to vendors, were able to get into the framework’s station, which is the interface administrators interact with to manage whatever the device is running. From there, they were able to leverage a privilege escalation bug in order to get access to the platform level of the device stack which runs on Java.
RELATED STORIES
SAS: Learn from your Attackers
SAS: Keeping an Eye on Mobile Devices
DDoS Attacks Steady; Others on Rise
Users a Top Security Threat
Tridium Niagara Framework sees use in running building maintenance systems including access control, video, intrusion, elevator control, lighting, HVAC, and energy.
“A platform written in Java – and we can get through Java –we own everything,” Rios said. “Once you own the platform, you own everything. Once you own the platform, it is game over.”
The researchers conducted a little research project on just how many Tridium Niagara devices were out there connected to the Internet. After a quick Shodan search, there were able to find over 21,000 devices facing the Internet, McCorkle said. That means these devices if not properly protected – which most, if not all, are not – they would be vulnerable to attack.
They found in part of the company literature the devices work connected to the Internet. “They are designed to connect control systems and building systems to the Internet,” McCorkle said.
While they were not entirely sure what devices were running where from their Shodan search, to narrow the possibilities they were able to look up case studies on the web site and they could narrow down where the devices were. They could also find out what these devices were controlling.
“We found hospitals, banks buildings on the Internet,” McCorkle said.
The next question is what should users do if they are running Tridium Niagara today?
“Take it off the Internet and make sure it’s protected, and monitor that traffic,” McCorkle said. “Finding these is trivial. You can do privilege escalation on them and elevate to local admin on the LAN and pivot from there.”
“We are not the only ones doing this,” Rios said. “There are people not standing on a stage talking about this. People have to realize we are not living in the stone age. There are people out there that want to exploit these devices.”
In many ways, the researchers found these very same issues back in the 90s in the IT environment.
“We are jumping back in time to the early days of Windows,” McCorkle said. “This isn’t a new problem. We are just trying to shed some light on the situation.”
Wednesday, September 26, 2012 @ 03:09 PM gHale
There is a log on Institute of Electrical and Electronics Engineers’ (IEEE) FTP servers containing the login information for almost 100,000 of its members.
IEEE, one of the world’s preeminent professional organizations in such fields as nanotechnology, IT, telecommunications, energy, as well as biomedical and healthcare, and it is a global standards-making organization.
RELATED STORIES
Most Data Breaches an Inside Job
Honeypot Now SQL Injection Capable
USB Malware Heart of Investigation
Malware Hides as Help File
Radu Dragusin, a Romanian computer programmer currently affiliated with the Computer Science department at the University of Copenhagen, Denmark found the issue.
Dragusin first discovered a log with usernames and passwords in plaintext, publicly available via IEEE’s FTP server for at least a month. He informed them of his find and the organization is addressing the issue.
Among the users whose information suffered from the exposure were researchers at NASA, Stanford, IBM, Google, Apple, Oracle and Samsung. IEEE’s membership of over 340,000 is half American (49.8 percent as of 2011). Other members reside in India, China and the Pacific Rim (23.4 percent) and Europe, the Middle East and Africa (18.3 percent). Some 8 percent of IEEE’s membership constitutes government employees, including the military. Most work in the private sector and academia.
While it’s too early to fully assess the severity of the data breach, which impacts ieee.org and spectrum.ieee.org, Dragusin said the available information exposes these users’ activity on these sites. Malicious parties interested in identifying users could conceivably mount spear phishing attacks on these users, and potentially come up with social engineering exploits.
Since Dragusin’s announcement via his blog, which includes a thorough breakdown of the information he accessed, other security professionals are attempting to verify the breach.