http://eandt.theiet.org/news/2014/jan/ics-security.cfm
By James Hayes
Engineering and Technology Magazine
28 January 2014
Data available from mainstream online media -- such as blogs, social
networking websites, and specialist online publications -- could be used
by malevolent agents to mount a cyber-attack on UK critical national
infrastructure (CNI), the findings of an investigative assessment to be
presented next week will warn.
Key information regarding vulnerabilities in Industrial Control Systems
(ICSs) and Supervisory Control and Data Acquisition (SCADA) systems is now
openly available from a range of sources on the public Internet, according
to 'Using Open Source Intelligence to Improve ICS & SCADA Security' from
UK design and engineering consultancy Atkins, being presented as part of
the IET seminar 'Cyber Security for Industrial Control Systems' on 6
February in London.
The investigation discovered that many industrial sector websites and
academic papers, for example, also provide some information about
potential attack vectors, including the identification of engineering
staff, their social media information used to corroborate control systems
data, and their suitability for social engineering attempts.
The identification of known vulnerabilities and exploits against specific
types of control systems can also be accessed online, along with the
identification of third-parties such as contractors and control system
integrators, who have detailed knowledge and physical network access.
[...]
--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
