About the conference:

At SANS Network Security 2010, you’ll get hands-on, immersion training from SANS world-class, award-winning instructors and learn what it takes to stop cyber crime for your organization. If you have attended this event in the past, then you know how valuable it can be to your career and to the safety and preservation of your company’s online and computerized resources. If you are new to SANS Network Security 2010, SANS offers a high-energy program, hands-on labs, a huge Vendor Solutions Expo, evening talks on the most timely security challenges, plus a myriad of networking opportunities. 

Conference links:

Conference website

Registration

About the conference:

Fall Seminar Series, “Roundtable in the Rockies”

Denver, Colorado * Inverness Hotel & Conference Center

Conference links:

Conference website

Registration

About the conference:

SANS training is well-known for being relevant and pragmatic. All SANS Instructors are industry leaders who have earned SANS the SC Magazine Best Professional Training Program Award for 2009 and 2010. Our award-winning faculty has proven they understand the challenges you face on a daily basis. Their real-world experience increases the practical value of the course material.

Conference links:

Conference website

Registration

This year’s symposium promises to provide excellent sessions and discussions, beginning at 8:00 a.m. on Tuesday, August 17th with a full day of short courses on key plant performance topics and products.  Wednesday through mid-day Friday will include a variety of topical presentations, papers, and discussions, with Scientech Technology Night on Wednesday, August 18th. Tentative agenda items include:

• Users’ experiences with Scientech products
• Presentations about technology applied to improving plant performance
• Scientech presentations on new products and services
• Roundtable discussion of industry needs driving Scientech service improvements
• Day of fun for spouses who attend Symposium

Conference links:

Conference website

Registration

About the conference:

Thirty-sixth NITSL Workshop in Charleston, South Carolina at the Charleston Marriott Hotel, 170 Lockwood Boulevard Charleston, South Carolina 29403.

THEME: Nuclear Safety: Setting the Global IT Standard

Conference links:

Conference website

Member registration

Vendor registration

Computer hackers have begun targeting power plants and other critical operations around the world in bold new efforts to seize control of them, setting off a scramble to shore up aging, vulnerable systems.

Cyber criminals have long tried, at times successfully, to break into vital networks and power systems. But last month, experts for the first time discovered a malicious computer code — called a worm — specifically created to take over systems that control the inner workings of industrial plants.

In response to the growing threat, the Department of Homeland Security has begun building specialized teams that can respond quickly to cyber emergencies at industrial facilities across the country.

As much as 85 percent of the nation’s critical infrastructure is owned and operated by private companies, ranging from nuclear and electric power plants to transportation and manufacturing systems. Many of the new attacks have occurred overseas, but the latest episode magnified worries about the security of plants in the U.S.

“This type of malicious code and others we’ve seen recently are actually attacking the physical components, the devices that open doors, close doors, build cars and open gates,” said Sean McGurk, director of control systems security for Homeland Security. “They’re not just going after the ones and zeros (of a computer code), they’re going after the devices that actually produce or conduct physical processes.”

Officials have yet to point to any operating system that has been compromised by the latest computer worm. But cyber experts are concerned that attacks on industrial systems are evolving.

In the past, it was not unusual to see hackers infiltrate corporate networks, breaking in through gaps and stealing or manipulating data. The intrusions, at times, could trigger plant shutdowns. The threat began to escalate last year, with cyber criminals exploiting weaknesses in systems that control what the industries do.

The latest computer worm, dubbed Stuxnet, was an even more alarming progression. Now hackers are creating codes to actually take over the critical systems.

In many cases, operating systems at power plants and other critical infrastructure are decades old. Sometimes they are not completely separated from other computer networks used by companies to run administrative systems or even access the Internet.

Those links between the administrative networks and the control systems provide gateways for hackers to insert malicious codes, viruses or worms into the programs that operate the plants.

Sitting in his office not far from Homeland Security’s new state-of-the-art cyber operations center, McGurk recently held out a small blue computer flash drive containing the destructive Stuxnet worm.

Experts in Germany discovered the worm, which has since shown up in a number of attacks — primarily in Iran, Indonesia, India, and the U.S., according to Microsoft. Stuxnet had tried to infect as many as 6,000 computers, as of July 15, according to Microsoft data.

German officials transmitted the malware to the U.S. through a secure network, and experts at the Energy Department’s Idaho National Laboratory began to analyze it.

In plain terms, the worm was able to burrow into some operating systems that included software designed by Siemens AG, by exploiting a vulnerability in several versions of Microsoft Windows.

On Monday, Microsoft released another update to address the problem, and Siemens has taken similar steps.

Annual reports issued by Homeland Security and the Department of Energy have detailed weaknesses in the industrial computer systems, and have repeatedly pressed companies to improve security practices. Reports as recently as this May urged companies to routinely download patches to update software, change and improve passwords, carefully restrict access to critical systems and use firewalls to separate commonly used networks from those that control key systems.

A successful attack against a critical control systems, the Energy Department warned in its May report, “may result in catastrophic physical or property damage and loss.”

Over the past year, Homeland Security has quietly been deploying teams of experts around the country to assess weaknesses in industrial control systems. The agency has created four teams and — with a budget scheduled to increase from $10 million this year to $15 million next year — has plans to grow to 10 teams in 2011.

The teams are armed with a $5,000 kit: a black, suitcase-sized bag crammed with cables, converters, data storage and high-tech computer forensic tools. With that equipment, they can download the problem malware, analyze it and work with the companies to correct or clean their systems.

So far, said McGurk, the teams have done 50 assessments and have been dispatched 13 times to investigate and help correct cyber incidents and attacks. Nine of those cases involved some type of deliberate cyber intrusion, while the other four were the unintended result of an operator’s action.

In one of the nine intrusion cases, a company representative had gone to a conference and had the presentation documents downloaded onto a computer flash drive.

One of the files was infected with the Mariposa botnet, a malicious software code that has infected 12 million computers worldwide, including hundreds of companies and at least 40 major banks in 190 countries since appearing in December 2008.

When the man returned to his office and connected his laptop to the company’s network, the botnet spread, eventually affecting nearly 100 computers.

A Homeland Security team was called in and helped the company evaluate the problem and begin to clear up the system.

View the article

By Lolita C. Baldor(AP)

Google.com, August, 2010

The discovery of the first worm to target networks controlling power plants points has prompted an expansion of specialized forensic teams to combat the cybersecurity threat.

The Department of Homeland Security (DHS) plans to ramp up a program that sends specialized forensic teams to combat the cybersecurity threat on U.S. critical control systems, such as those that control power plants, industrial facilities and air-traffic control systems.

For the past year, the DHS has sent out four special teams — collectively a part of the Industrial Control System Computer Emergency Readiness Team — on missions to examine these systems to determine threats and respond to technical-support calls from private-sector partners.

However, the department plans to expand the program next year, a move that coincides with the discovery last month of the first worm designed to specifically attack such systems.

“There is no shortage of demand for this service from the DHS among our partners in the private sector,” said DHS spokesman Amy Kudwa Wednesday. “That there has been this worm that is specifically focused on control systems only solidifies our focus on expanding this program.”

The system attacked was based on technology from Microsoft and Siemens, which have developed patches for the worm, she added.

The worm attacked four systems, none of which were in the U.S. However, its presence is enough to put the DHS on alert for more direct attacks on critical systems.

The specialized control-system teams — which fall under the purview of the National Cybersecurity Division (NCSD), part of the DHS Office of Cybersecurity and Communications — went on 13 missions last year armed with a $5,000 case full of specialized forensic technology to identify malware on control systems

The expansion of the NCSD’s budget for the program from $10 million to $15 million is meant to increase the number of teams available for these service calls from four to 10 in 2011.

Response to the threat on critical control systems is not new. The DHS has been keeping a close eye on them and published reports about how to address vulnerabilities for about five years. The systems are high risk given that they are often built on outdated technology that does not have the same security level as newer systems.

Earlier this month, the Wall Street Journal revealed that the National Security Agency (NSA), too, is expanding its interest in protecting control systems. The agency is set to launch a program specifically aimed at assessing vulnerabilities and developing capabilities to secure them.

While the government’s interest in these systems is aimed at keeping crucial systems protected and online in the event of a cyberattack, it also has raised questions of privacy and just exactly what the government’s role should be in protecting privately owned networks.

View the article

By Elizabeth Montalbano

Information Week, August 4, 2010

In the USA today, Siemens is strongly warning its users that Trojan, which is the name of a certain malware program is directly targeting PCS 7 as well as Simatic WinCC. This virus is further distributed with the use of USB memory sticks. The sad part is that it is very good at taking advantage of the present vulnerabilities of Microsoft security.

As reported, the malware has negative results on all of the Windows computers, especially from XP on up.

Unfortunately, merely one click in order to view the contents of a particular USB memory stick can actually end up activating the Trojan virus. This is why Siemens recommends its users to, as much as possible; avoid using a USB memory stick on multiple personal computers, especially those that are running the WinCC software.

The Virus

This malicious code has been named W32 or Stuxnet-B. It propagates through USB drives that have been infected with the malformed shortcut .lnk files. The code is activated when the user starts to insert the memory stick and then clicks to view the contents of that particular USB with the use of Windows Explorer or some other applications that gets to display the icons of the files.

Although it is true that its main aim is WinCC, it can still target any of the systems under Windows, as long as it is capable of accepting removable media. The code seems to rely largely on undisclosed vulnerability in how Windows .lnk files are handled.

Smart Malware

It is quite smart, actually, since it is well aware that it needs to bypass the readily installed Microsoft controls that make sure that drivers are to be signed digitally. Being a smart malicious code as it is, its creators made sure that it contained the digital signature of Realtek Semiconductor Corp. This way, it could gain all access entry.

With this virus up and coming on Siemens gadgets, the company decided to take all precautions in order to alert its loyal clients to the possible dangers of this aforementioned malware. The sales team has already been informed, and the company’s customer representatives will be speaking directly to the clients in order to fully and genuinely explain the given circumstances. As the first warning, Siemens tells their users to actively check their computer’s systems, especially ones that have been installed with WinCC.

To date, a trio of highly effective virus scan programs has already been recommended for systems that are under Siemens. They are, namely, Symantec, Trend Micro, and McAfee, which also happen to be the best virus scan programs in the entire market. Additionally, their latest versions or upgrades are also the best when it comes to successfully detecting Trojan.

Deploying such virus scan programs on Runtime environment can have some unexpected results. To date, these results are still being investigated fully in order for everyone to obtain further understanding on the matter. Still, experts are pretty much verbal in implying that approval will be issued very shortly.

View the article

Tech Genie, August 2, 2010

The recently discovered Stuxnet worm that contains the password for Siemens’ SCADA systems is wreaking havoc around the world.

The Simatic WinCC SCADA system, which runs on Windows and is used by many utilities and factories, uses a database that is protected by a hard-coded password that has been publicly revealed on a couple of forums back in 2008.

The worm takes advantage of a yet unpatched Windows vulnerability affecting the way that Windows handles shortcut files, which allows it to spread via CDs, USB sticks or file-sharing among computers in a network.

If it finds SCADA software, the worm proceeds to enter the database and search project files, then tries to copy them to an external website. If it fails to find said software, it simply copies itself somewhere on the system and lays dormant.

This particular worm is obviously intent on stealing all the information about the way that these companies work – counterfeiters will have a field day with it.

The worm is spreading like fire – Symantec registers some 9,000 attempts of infection per day. SCADA users are panicking and consider changing the hard-coded password.

Siemens recommends against it, as it could disrupt the whole system. According to Network World, they promise to publish a customer guidance document soon, but they say that the solution will definitely now involve a change of password. They also mean to set up a website that will offer details about the worm.

In the meantime, Microsoft has released a security advisory regarding the vulnerability, and advises users to disable icons from being displayed for shortcuts and/or disable the WebClient service.

Siemens’ spokesman Michael Krampe said that the company “has started to develop a solution, which can identify and systematically remove the malware,” but didn’t offer a date for the release of the software.

View the article

By Zeljka Zorz

Help Net Security, July 20, 2010

Waterfall Security Solutions Ltd (Waterfall) reported today that it has finalized an operational implementation at Petroleum & Energy Infrastructures Ltd (PEI), a leading oil products and infrastructure company.PEI’s Chief Information Officer commented that “Our networks and facilities are serving the nation’s energy infrastructure. Providing real-time monitoring information out of these networks is an important business and operational need. Waterfall’s Security Gateway, inherently supporting SCADA protocols and industrial applications, enables us to achieve this, without the risk.”

Petroleum & Energy Infrastructures Ltd. is the leading corporation for oil products infrastructures in Israel. Fully owned by the Israeli government, the company provides state-of-the-art fuel oil infrastructure services to the country’s entire energy market. Though serving a national mission, PEI is an economic entity that functions according to market forces and changing conditions in the international arena.

The company’s activities span the full spectrum of infrastructure services, from export and import, to supply, storage and piping of fuel to all parts of Israel, as well as handling crude oil and refined products.

“We are happy to serve PEI’s security and regulatory needs with our unique technology and solutions,” said Lior Frenkel, Co-Founder and CEO of Waterfall Security Solutions. “Security risks for Oil and Gas infrastructures , facilities and pipelines are becoming more prevalent in the form of cyber terror and cyber threats. We see an increasing demand for our top security solutions from this market.”

Waterfall’s patented cyber security solutions enable Utilities and Infrastructures to fulfill their business needs of updating headquarters and other entities with real-time production information from the industrial networks, without exposing these networks to the risks and threats of cyber-attacks, cyber terror and hacking from the external, less secure networks.

About Waterfall Security Solutions:

Waterfall Security Solutions Ltd. is the leading provider of Unidirectional Security Gateways(TM) and data diodes for Control networks, SCADA systems, Remote Monitoring and Segregated Networks. Waterfall’s security solutions assist Utilities and Critical Infrastructures to easily and comfortably achieve compliance with NERC-CIP, NRC, NIST and other regulations as well as cyber-security best practices.

Waterfall’s products have been deployed in many utilities, critical national infrastructures, mission critical environments and homeland security agencies throughout North America, Europe and Israel. Waterfall’s offerings include support to leading industrial applications, such as: OSIsoft PI(TM) Historian, GE Proficy(TM) iHistorian, the Siemens SIMATIC(TM) and the GE OSM(TM) remote monitoring platforms, and leading industrial protocols, such as: OPC, Modbus, DNP3 and ICCP.

View the article

Yahoo Finance, July 12, 2010