Threat Intelligence

3/31/2016
12:00 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

New Portal Launched For ICS/SCADA Threat Intelligence-Sharing Among Nations

The EastWest Institute teamed up with the US ICS-ISAC to create a platform for critical infrastructure operators worldwide to share threat data.

In the aftermath of the unprecedented cyberattack that led to a blackout in Ukraine last December, members of the US ICS-CERT team flew to Kiev to get debriefed by their Ukrainian counterparts. It was a crucial information-gathering trip as well as a reality-check for US critical infrastructure operators, according to US Department of Homeland Security officials, that such an attack could be pointed at power grids anywhere in the world.

The Ukraine power grid attack--although obviously targeted--“punctuated” the global nature of cyber threats in the ICS/SCADA community, says Chris Blask, chair of the ICS-ISAC, the US-based industrial control system/SCADA threat intelligence-sharing group.

Connecting power utilities and other critical infrastructure operators all over the world is the latest weapon in protecting these systems: a new portal launched this week by the ICS-ISAC and the nonprofit EastWest Institute (EWI) lets the critical infrastructure sector share and gather information from their counterparts in other nations.

The EWI Information Sharing Community portal is based on the Facebook At Work collaboration platform, and initially is being used for sharing threat information, best practices, lessons learned, and other information. It ultimately will be built out to share more sensitive threat intel including indicators of compromise such as malware markers or malicious IP addresses associated with an attack suffered by a power plant, for example.

“It’s [about] global situational awareness,” Blask says. “If something happens, you have a space where you an reach out and have people help ... as opposed to Google [searches] and a phone call.”

Blask says while groups such as the ICS-ISAC are open to international members, it’s still a US-based entity, so the new portal backed by EWI provides a more global connection for ICS/SCADA operators and interests. “They are using this platform for building [online] groups and communities,” he says, and ultimately, it will be built out for real-time, machine-readable threat intel feeds via the STIX (Structured Threat Information Expression) and TAXII (Trusted Automation Exchange of Indicator Information) protocols, he says.

A few hundred users have signed up so far, and the portal includes public and private areas, much like other threat intel-sharing portals. Among the early adopters are law enforcement groups, ICS vendors and ICS operators, and research and academic institutions, from around the world.

“We started with the premise that we might have a better chance at securing critical  infrastructure individually if we looked at it globally,” says Tom Patterson, chair of a group on strengthening critical infrastructure resilience and preparedness that launched the initiative. “We got great response from all over the world ... It encouraged us to create a global information exchange in a trusted forum. It’s a way for them to share information among themselves on threats and counter-measures.”

Patterson, who is vice president and global security leader for Unisys, says the EWI Information Sharing Community is not technically a global ISAC or ISAO for ICS/SCADA, but more of a place for public and private sector operators of critical infrastructure, different nations' ISACs, and government agencies to collaborate.

Kenya’s ICT Secretary at its Ministry of Information Communication and Technology, in a statement said her nation plans to participate. "Kenya is taking an active role in addressing cybersecurity risks. We welcome this opportunity to share lessons learned with others in the global critical infrastructure community,” ICT secretary Katherine Getao said.

The ICS-ISAC has set up a registration page for the new portal.

Related Content:

 

Interop 2016 Las VegasFind out more about security threats at Interop 2016, May 2-6, at the Mandalay Bay Convention Center, Las Vegas. Click here for pricing information and to register.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Well, at least it isn't Mobby Dick!
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4035
PUBLISHED: 2019-03-22
IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X...
CVE-2019-4052
PUBLISHED: 2019-03-22
IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthenticated users to discover login ids of registered users. IBM X-Force ID: 156544.
CVE-2019-9648
PUBLISHED: 2019-03-22
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.
CVE-2019-9923
PUBLISHED: 2019-03-22
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
CVE-2019-9924
PUBLISHED: 2019-03-22
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.