Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

3/31/2016
12:00 PM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

New Portal Launched For ICS/SCADA Threat Intelligence-Sharing Among Nations

The EastWest Institute teamed up with the US ICS-ISAC to create a platform for critical infrastructure operators worldwide to share threat data.

In the aftermath of the unprecedented cyberattack that led to a blackout in Ukraine last December, members of the US ICS-CERT team flew to Kiev to get debriefed by their Ukrainian counterparts. It was a crucial information-gathering trip as well as a reality-check for US critical infrastructure operators, according to US Department of Homeland Security officials, that such an attack could be pointed at power grids anywhere in the world.

The Ukraine power grid attack--although obviously targeted--“punctuated” the global nature of cyber threats in the ICS/SCADA community, says Chris Blask, chair of the ICS-ISAC, the US-based industrial control system/SCADA threat intelligence-sharing group.

Connecting power utilities and other critical infrastructure operators all over the world is the latest weapon in protecting these systems: a new portal launched this week by the ICS-ISAC and the nonprofit EastWest Institute (EWI) lets the critical infrastructure sector share and gather information from their counterparts in other nations.

The EWI Information Sharing Community portal is based on the Facebook At Work collaboration platform, and initially is being used for sharing threat information, best practices, lessons learned, and other information. It ultimately will be built out to share more sensitive threat intel including indicators of compromise such as malware markers or malicious IP addresses associated with an attack suffered by a power plant, for example.

“It’s [about] global situational awareness,” Blask says. “If something happens, you have a space where you an reach out and have people help ... as opposed to Google [searches] and a phone call.”

Blask says while groups such as the ICS-ISAC are open to international members, it’s still a US-based entity, so the new portal backed by EWI provides a more global connection for ICS/SCADA operators and interests. “They are using this platform for building [online] groups and communities,” he says, and ultimately, it will be built out for real-time, machine-readable threat intel feeds via the STIX (Structured Threat Information Expression) and TAXII (Trusted Automation Exchange of Indicator Information) protocols, he says.

A few hundred users have signed up so far, and the portal includes public and private areas, much like other threat intel-sharing portals. Among the early adopters are law enforcement groups, ICS vendors and ICS operators, and research and academic institutions, from around the world.

“We started with the premise that we might have a better chance at securing critical  infrastructure individually if we looked at it globally,” says Tom Patterson, chair of a group on strengthening critical infrastructure resilience and preparedness that launched the initiative. “We got great response from all over the world ... It encouraged us to create a global information exchange in a trusted forum. It’s a way for them to share information among themselves on threats and counter-measures.”

Patterson, who is vice president and global security leader for Unisys, says the EWI Information Sharing Community is not technically a global ISAC or ISAO for ICS/SCADA, but more of a place for public and private sector operators of critical infrastructure, different nations' ISACs, and government agencies to collaborate.

Kenya’s ICT Secretary at its Ministry of Information Communication and Technology, in a statement said her nation plans to participate. "Kenya is taking an active role in addressing cybersecurity risks. We welcome this opportunity to share lessons learned with others in the global critical infrastructure community,” ICT secretary Katherine Getao said.

The ICS-ISAC has set up a registration page for the new portal.

Related Content:

 

Interop 2016 Las VegasFind out more about security threats at Interop 2016, May 2-6, at the Mandalay Bay Convention Center, Las Vegas. Click here for pricing information and to register.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20733
PUBLISHED: 2021-06-22
Improper authorization in handler for custom URL scheme vulnerability in ????????? (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
CVE-2021-20734
PUBLISHED: 2021-06-22
Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
CVE-2021-20735
PUBLISHED: 2021-06-22
Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to ...
CVE-2021-20736
PUBLISHED: 2021-06-22
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors.
CVE-2021-20737
PUBLISHED: 2021-06-22
Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to view the unauthorized pages without access privileges via unspecified vectors.