Threat Intelligence

3/31/2016
12:00 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

New Portal Launched For ICS/SCADA Threat Intelligence-Sharing Among Nations

The EastWest Institute teamed up with the US ICS-ISAC to create a platform for critical infrastructure operators worldwide to share threat data.

In the aftermath of the unprecedented cyberattack that led to a blackout in Ukraine last December, members of the US ICS-CERT team flew to Kiev to get debriefed by their Ukrainian counterparts. It was a crucial information-gathering trip as well as a reality-check for US critical infrastructure operators, according to US Department of Homeland Security officials, that such an attack could be pointed at power grids anywhere in the world.

The Ukraine power grid attack--although obviously targeted--“punctuated” the global nature of cyber threats in the ICS/SCADA community, says Chris Blask, chair of the ICS-ISAC, the US-based industrial control system/SCADA threat intelligence-sharing group.

Connecting power utilities and other critical infrastructure operators all over the world is the latest weapon in protecting these systems: a new portal launched this week by the ICS-ISAC and the nonprofit EastWest Institute (EWI) lets the critical infrastructure sector share and gather information from their counterparts in other nations.

The EWI Information Sharing Community portal is based on the Facebook At Work collaboration platform, and initially is being used for sharing threat information, best practices, lessons learned, and other information. It ultimately will be built out to share more sensitive threat intel including indicators of compromise such as malware markers or malicious IP addresses associated with an attack suffered by a power plant, for example.

“It’s [about] global situational awareness,” Blask says. “If something happens, you have a space where you an reach out and have people help ... as opposed to Google [searches] and a phone call.”

Blask says while groups such as the ICS-ISAC are open to international members, it’s still a US-based entity, so the new portal backed by EWI provides a more global connection for ICS/SCADA operators and interests. “They are using this platform for building [online] groups and communities,” he says, and ultimately, it will be built out for real-time, machine-readable threat intel feeds via the STIX (Structured Threat Information Expression) and TAXII (Trusted Automation Exchange of Indicator Information) protocols, he says.

A few hundred users have signed up so far, and the portal includes public and private areas, much like other threat intel-sharing portals. Among the early adopters are law enforcement groups, ICS vendors and ICS operators, and research and academic institutions, from around the world.

“We started with the premise that we might have a better chance at securing critical  infrastructure individually if we looked at it globally,” says Tom Patterson, chair of a group on strengthening critical infrastructure resilience and preparedness that launched the initiative. “We got great response from all over the world ... It encouraged us to create a global information exchange in a trusted forum. It’s a way for them to share information among themselves on threats and counter-measures.”

Patterson, who is vice president and global security leader for Unisys, says the EWI Information Sharing Community is not technically a global ISAC or ISAO for ICS/SCADA, but more of a place for public and private sector operators of critical infrastructure, different nations' ISACs, and government agencies to collaborate.

Kenya’s ICT Secretary at its Ministry of Information Communication and Technology, in a statement said her nation plans to participate. "Kenya is taking an active role in addressing cybersecurity risks. We welcome this opportunity to share lessons learned with others in the global critical infrastructure community,” ICT secretary Katherine Getao said.

The ICS-ISAC has set up a registration page for the new portal.

Related Content:

 

Interop 2016 Las VegasFind out more about security threats at Interop 2016, May 2-6, at the Mandalay Bay Convention Center, Las Vegas. Click here for pricing information and to register.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12697
PUBLISHED: 2018-06-23
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
CVE-2018-12698
PUBLISHED: 2018-06-23
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.
CVE-2018-12699
PUBLISHED: 2018-06-23
finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.
CVE-2018-12700
PUBLISHED: 2018-06-23
A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.
CVE-2018-11560
PUBLISHED: 2018-06-23
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.