Seems SCADA systems (or at least alleged attacks on them) have hit the big time.Wired magazine is running this story on the Illinois Water Attack.See my post over on Unfettered about what's looking more and more like an Attack by the Keystone Cops instead, wh

My blog on the Illinois water hack was directly based on a formal disclosure announcement by the Illinois State Terrorism and Intelligence Center - STIC (Note: My blog did not identify the state involved. That disclosure came from DHS). The STIC disclosure was made on November 10; my blog was on November 17 after numerous water organizations told me they were unaware of the disclosure.

Per the WaterISAC portal, the WaterISAC (Information Sharing and Analysis Center) is a community of water sector professionals who share a common purpose: to protect public health and the environment. The WaterISAC provides email notifications about threats and any incidents demanding immediate attention. Consequently, one of the driving reasons for writing the blog on the Illinois water system hack Thursday was the WaterISAC had not yet notified the water utilities.

Last week, a disclosure was made about a public water district SCADA system hack. There are a number of very important issues in this disclosure:

There is a perception that control systems, including field devices, have cyber forensic capabilities similar to those of IT systems. That perception is wrong. A control system generally has a Microsoft front-end human-machine interface (HMI) that should have adequate cyber forensics. The critical part of control systems are the field devices that automatically measure and control the processes, for example, the controllers that Stuxnet attacked. They generally do not have cyber forensics.

Symantec posted on their site the latest information on the next chapter of Stuxnet. The site says that "Duqu" is a new threat whose goal is to gather intelligence in order to conduct a future Stuxnet-like attack.

Duqu has nearly identical parts to Stuxnet, but it has a completely different purpose. Its purpose is to gather intelligence and assets like design documents that will give the attackers the insights they need to mount a future, highly-targeted attack on organizations such as industrial control facilities.

The final agenda can be found at www.realtimeacs.com There are several unique hallmarks of the conference:

• Discussions of actual control system cyber impacts
• The significant amount of discussion makes keeping a schedule almost impossible
• Many of the presenters are not recognizable as they are not the typical speakers – these are the control system cyber security experts.

Wednesday September 21

High Points:

Fooling around in the social media corner of the Internet this morning, and came across this link (http://asian-power.com/node/11144) on Facebook via Eric Byres.

Just wanted to share with you the latest press release:

Siemens SCADA Specialists and Consultants to Provide Best Practices

The industry uses the general term "threat information," but during more detailed discussions, it seems that the information companies seek is more like the traditional military concept of "tactical information."

Read this article and let us know if you agree.