10-15-18 – News This Past Week

The future of OT security in modern industrial operations
Both the likelihood and consequences of cyberattacks to OT/ICS components continue to grow for modern industrial operations
https://www.helpnetsecurity.com/2018/10/15/future-ot-security/

It’s the real Heart Bleed: Medtronic locks out vulnerable pacemaker programmer kit
The watchdog’s alert this week comes after Irish medical device maker Medtronic said it will lock some of its equipment out of its software update service, meaning the hardware can’t download and install new code from its servers
https://www.theregister.co.uk/2018/10/12/medtronic_pacemaker_programmer_security/

Internet Hacking Is About to Get Much Worse
The risks are about to get worse, because computers are being embedded into physical devices and will affect lives, not just our data. Security is not a problem the market will solve. The government needs to step in and regulate this increasingly dangerous space.
https://www.nytimes.com/2018/10/11/opinion/internet-hacking-cybersecurity-iot.html

The Better Way: Threat Analysis & IIoT Security
Threat analysis offers a more nuanced and multidimensional approach than go/no-go patching in the Industrial Internet of Things. But first, vendors must agree on how they report and address vulnerabilities.
https://www.darkreading.com/perimeter/the-better-way-threat-analysis-and-iiot-security-/a/d-id/1332983

New Pentagon Weapons Systems Easily Hacked: Report
The Government Accountability Office said the Pentagon was unaware of how easy it could be for an adversary to gain access to the computer brains and software of the weapons systems and operate inside them undetected
https://www.securityweek.com/new-pentagon-weapons-systems-easily-hacked-report

Many Siemens Products Affected by Foreshadow Vulnerabilities
The security holes could allow malicious applications to obtain potentially sensitive information from a device’s memory, including data associated with operating systems, apps and virtual machines
https://www.securityweek.com/many-siemens-products-affected-foreshadow-vulnerabilities

Constructing the Future of ICS Cybersecurity
As industrial control systems are connected to the cloud and the IoT, experts discuss security challenges
https://www.darkreading.com/perimeter/constructing-the-future-of-ics-cybersecurity/d/d-id/1332995

Security Vulnerabilities in US Weapons Systems
The US Government Accounting Office just published a new report: “Weapons Systems Cyber Security: DOD Just Beginning to Grapple with Scale of Vulnerabilities” (summary here). The upshot won’t be a surprise to any of my regular readers: they’re vulnerable
https://www.schneier.com/blog/archives/2018/10/security_vulner_17.html

Report: US weapons systems are highly vulnerable to cyber attacks
The Department of Defense will have to ramp up its cybersecurity efforts now that it’s planning to spend $1.66 trillion to develop major weapons systems. According to a new report (PDF) by the Government Accountability Office, nearly all of Pentagon’s weapons systems are vulnerable to cyberattacks
https://www.engadget.com/2018/10/10/pentagon-weapons-systems-gao-report/

Posted in Uncategorized.