RSA Conference 2017: Recap of the ICS Sandbox

Matt Cowell

The 2017 RSA Conference wrapped up this week in San Francisco and wow, what a show! The sheer size and scale of the event was absolutely jaw dropping. It’s hard to find the words to do it justice. Organizers estimated that 40,000-50,000 people attended the show and considering the size, RSAC does a great job with the organization of the event and providing an impressive experience overall.
Continue reading “RSA Conference 2017: Recap of the ICS Sandbox”

Cyber Security for a New Type of Critical Infrastructure

Regulators Weigh in on Medical Devices

Benga Erinle, 3eTI President

While the medical device as a cyber-attack target has increasingly concerned health regulators in recent years, the risk may come as news to many in traditional ICS infrastructure circles. For cyber security specialists focused on control systems that power electrical grids and transportation networks, priority status often goes to endpoints such as sensors and meters, not on pacemakers and insulin pumps.

It may be time to expand security strategies for critical infrastructure to include the digital frameworks interconnecting smart medical devices. On December 28, the Food and Drug Administration (FDA) published new guidelines to better manage cyber security for medical devices. As with regulatory direction in industrial and manufacturing automation, officials called device security a shared responsibility, focusing attention on postmarket security issues such as vulnerability response and remediation.

In discussing the guidance on FDA’s blog, the agency’s associate director for science and strategic partnerships said that cyber security threats are “real, ever-present, and continuously changing. In fact, hospital networks experience constant attempts of intrusion and attack that can pose a threat to patient safety.” This will sound very familiar to, among others, power plant operators.

Also noteworthy is FDA’s position that medical device manufacturers should implement a comprehensive program to manage cyber-risk. This means that manufacturers should:[1]

  • Have a way to monitor and detect cyber security vulnerabilities in their devices
  • Understand, assess and detect the level of risk a vulnerability poses to patient safety
  • Establish a process for working with cyber security researchers and other stakeholders to receive information about potential vulnerabilities (known as a “coordinated vulnerability disclosure policy”)
  • Deploy mitigations (software patches, for example) to address cyber security issues before they can be exploited and cause harm

We applaud FDA for recognizing cyber-risk in the critical industry of medical devices, and for sponsoring coordinated and comprehensive action to mitigate potentially devastating cyber-threats. Those of us who have long advocated for such controls in industrial systems know the threat is real and how steep the road is to tackle it.

[1] FDA Voice: Managing Medical Device Cybersecurity in the Postmarket: At the Crossroads of Cyber-safety and Advancing Technology, Suzanne B. Schwartz, M.D., M.B.A., December 27, 2016.

Cyber Security Spotlight: Next Generation Firewalls within the ICS network

ben-photoOn occasion, our security technologists provide overviews on topics of interest for businesses interested in or using our solutions. Sometimes, we believe the information provided may be of interest to wider audiences. This article represents one such topic. We hope readers will find it informative. Continue reading “Cyber Security Spotlight: Next Generation Firewalls within the ICS network”

Defending ICS: How Are We Doing?

sdemattio 60x80Seven months have passed since the Department of Homeland Security issued Seven Strategies to Defend ICSs and the time seems ripe to consider the state of control system cyber security.

As we in the industry well know, the past 16 years have marked nearly 2000 publicly disclosed vulnerabilities and intrusions of varying degrees of severity to the systems that drive our power and water supplies, production lines and more. The vulnerabilities most threatening to ICS are firewall-indifferent for the most part, afflicting the sensors, programmable logic controllers (PLC) and networks that automate and monitor, for example, climate control, lighting, perimeter security and water flow. Continue reading “Defending ICS: How Are We Doing?”

When a Nuclear Plant is Hacked, It’s Time for New Best Practices

AlexMost of us won’t lightly brush off news of a hacked nuclear power plant. As was widely reported April 27, one such incident involved the Gundremmingen plant in Germany that was found to be infected with malware intended to allow remote access. Even though the viruses seem to have posed no threat to operations of the plant 75 miles from Munich, it’s scary stuff when malware finds its way into a nuclear facility, and onto its industrial control system (ICS). It’s scarier still when the infection surfaces in a system that was a) upgraded and air-gapped, and b) responsible for moving nuclear fuel rods. Continue reading “When a Nuclear Plant is Hacked, It’s Time for New Best Practices”