Thursday, May 07, 2020

What I'm Reading 5/7/2020 - Mainly Critical Infrastructure Cybersecurity Today

Reuters - Facebook names first members of oversight board that can overrule Zuckerberg -
The independent board, which will be able to overturn Facebook and its CEO Mark Zuckerberg’s decisions on whether individual pieces of content should be allowed on Facebook and Instagram, is a high-profile response to criticism of how the social media company handles problematic content. 
(T)his new Executive Order is long overdue, and addresses many longstanding concerns. The Executive Order demonstrates a high level of technical details and detailed knowledge of existing gaps and vulnerabilities in bulk power equipment and Operations including identifying a specific minimum bulk power voltage level. As a result, the Executive Order will reopen much needed dialogue to address security and policy issues between regulators, policy makers, manufacturers (OEMs) and owner/operators. More specifically, we can expect to see a growing debate on authorities and responsibilities between the Federal Energy Regulatory Commission (FERC), the North American Electric Reliability Corporation (NERC), the Nuclear Regulatory Commission (NRC), etc.  Additionally, the Executive Order will directly challenge core NERC Critical Infrastructure Protection (CIP) cyber security requirements that previously excluded the specific bulk electric equipment identified in the Executive Order. 
When we started the program in 2000 there was little understanding about cyber security beyond it being an “e-mail problem”. There was, and continues to be, little buy-in of cyber security by the substation and power plant communities. Moreover, cybersecurity policymakers, including in the NERC CIP process, have assumed that control systems are simply another type of IT infrastructure and, therefore, IT policies, technologies, training, and testing methodologies apply. This is also why much of the current focus is on the Human Machine Interfaces-HMIs (Windows) rather than the actual control systems. There have been numerous cases where IT security policies, procedures, technology, and/or testing have impacted control system operation, sometimes actually damaging control systems. Moreover, keeping the focus on the HMIs have left the unsecured control syetem devices unmonitored for cyber security.

The NERC CIP process changed the face of cyber security in the electric industry. The overwhelming positive of the NERC CIPs was getting management attention to the concept of cyber security. However, the ultimate goal changed from keeping lights on to keeping the networks available – these are not the same.
Since I do a lot of network penetration tests, where quite often I need to scan large networks (and report on findings), I found some NSE scripts unbelievably useful – this diary will contain some of the top NSE scripts I use during penetration tests – let us know if you have other candidates!

The bad news is that whoever wrote this malware decided to be doubly destructive: it scrambles the files on your C: drive using a secret decryption key, but it wipes out the files on all your other drives, looping through all the letters A: to Z: except C:, issuing commands to delete all the files and directories it can find.

The good news is that the programmer of Ransom-FXO didn’t take much care over the encryption part, and used a hardcoded cryptographic key that can fairly easily be extracted from the malware file.

 

No comments: