This article, written by researcher Brian Krebs, describes critical security flaws that can expose security cameras and internet-capable consumer electronic devices to eavesdropping, credential theft, and remote compromise. The flaws include a weakness in peer-to-peer (P2P) communications technology and several other critical vulnerabilities. 

The flawed software was developed by China-based Shenzhen Yunni Technology and is bundled with millions of Internet of Things (IoT) devices, including security cameras and webcams, baby monitors, smart doorbells, and digital video recorders. These types of devices are attractive to consumers because of their easy remote-access capabilities and ease of installation. That ease of use and convenience can sometimes cost consumers in security and privacy, and the article describes those costs in great detail.

NERC’s President and Chief Executive Officer Jim Robb stresses the importance of participation in NERC’s grid security exercise, GridEx, in a recent GridEx video. The exercise, held every two years, continues to be a vital part of improving cyber and physical security preparedness to protect the bulk power system across North America. The exercise is scheduled for Nov. 13–14. 

View the GridEx video here [hXXps://vimeopro.com/nerclearning/gridex/video/322825228].

Additional information on GridEx V is located here [hXXps://www.nerc.com/pa/CI/CIPOutreach/Pages/GridEx.aspx].

E-ISAC was provided the attached documents directed to the Dam sector:

Attachment 1: Official CISA/FERC Correspondence 
Attachment 2: Dams Sector Cybersecurity Capability Maturity Model (C2M2)
Attachment 3: Dams Sector C2M2 Implementation Guide

WASHINGTON, D.C. – NERC’s Electricity Information Sharing and Analysis Center (E-ISAC) and the MultiState Information Sharing & Analysis Center® (MS-ISAC®) announced an agreement to improve information sharing among the organizations and their members with the goal of strengthening the cyber security of the nation’s critical electric infrastructure. The new agreement also deepens cooperation between the E-ISAC and the state and local government partners that the MS-ISAC represents. CIS® (Center for Internet Security, Inc.) is home to the MS-ISAC, and both are headquartered in New York. The Department of Homeland Security has designated MS-ISAC as the key cybersecurity resource for state, local, tribal and territorial governments, including chief information officers, Homeland Security advisors and fusion centers.

Through a variety of tools, both the E-ISAC and the MS-ISAC analyze potential physical and cyber security threats and use their respective secure portals to alert and advise members on mitigating threats. The goals of the E-ISAC and MS-ISAC under the partnership include:

-- Improve security collaboration on common threat information and incident response.

-- Provide joint analysis of security concerns and events.

-- Advance shared processes for information sharing and situational awareness.

-- Improve information sharing among all ISACs.

The E-ISAC and the MS-ISAC have agreed to use existing policies and procedures for safeguarding sensitive information under the partnership. 

For situational awareness, below please find a message from the Department of Homeland Security regarding working with NASA to secure drone traffic.

U.S. DEPARTMENT OF HOMELAND SECURITY

Science and Technology


 

Snapshot: Working with NASA to Secure Drone Traffic [hXXps://www.dhs.gov/science-and-technology/news/2019/02/12/snapshot-working-nasa-secure-drone-traffic]

02/12/2019 09:06 AM EST

In a couple of years, the number of drones in the U.S. national airspace is projected to grow to more than seven million. So many drones together in the air at once has the potential to create serious safety, efficiency and security issues if not regulated. NASA, the Federal Aviation Administration (FAA) and industry have partnered to develop a capability to manage national airspace drone traffic in the future, called the Unmanned Aircraft Systems (UAS) Traffic Management (UTM) infrastructure, rolling out in phases over time.

The UTM is a cloud-based software architecture that promises organized flight of drones registered with the FAA (think of it as air traffic management, but automated and in the cloud). Anyone flying in the UTM system will need an interface to a UAS Service Supplier (USS) to submit flight intent to other users and receive authorizations for specific access.  This will allow the drones to communicate with UTM for pre-flight schedules and announce airspace use.

Because heightened drone traffic also produces challenges for law enforcement as they try to identify and interdict illicit activity, the Department of Homeland Security (DHS) Science and Technology Directorate [hXXps://www.dhs.gov/science-and-technology] (S&T) is working closely with NASA and the FAA to develop its own independent USS to monitor traffic and enable greater transparency.

Anonymous no more

USS interfaces could be developed in-house by a drone user that has the resources to develop their own, or more likely, they would connect through a third-party interface—in this respect, a USS works like an email server where you send your email on the internet through your internet provider.

Communication between UTM and different USS interfaces is meant to support the needs of the FAA, such as managing flight plans. In addition, counter-drone systems can potentially use flight information and assist in discriminating friend from foe.

One S&T-supported counter-drone system in development, the Urban Counter-UAS Operational Prototype (UCOP), will be connected to UTM via the aforementioned DHS USS. The UCOP USS software processes flight information and notes any drones not identified as registered in UTM.

“If you have eleven drones in the air, but UTM only has ten of them registered, we can look further at what the eleventh drone is doing,” said Jeff Randorf, an S&T engineering advisor. “We’ll be able to query who is flying and find out specifics that support the interests of Homeland Security and the rest of the homeland security enterprise.”

Through the Low Altitude Authorization Notification Capability (LAANC) drone operators can get authorization(s) in near real-time to operate in controlled airspace, eliminating a sometimes days- or months-long manual process. UTM USS’s that are integrated with LAANC will communicate with each other over the Internet while operators connect to a USS via mobile devices, wired internet, or other electronic means.  Core features of a USS interface will be automated communication with FAA information systems, notification of events in airspace, and sharing of operational plans to de-conflict flights. Other services may be offered by a USS or other data providers and may include monitoring of weather and terrain data.

S&T’s USS and UCOP systems will work to ensure drones that are not authenticated receive special attention while flying in the national airspace.

Flying forward

NASA’s UTM system can serve as a resource to help counter any illicit drone activity arising from a higher volume of drone traffic, and the DHS USS, paired with UCOP and other tools like it, is a step further in that effort.

Drone demonstrations and trials through S&T’s Robotic Aircraft Sensor Program (RASP) will provide DHS and suppliers of drone technologies a picture of how law enforcement drones will function in the national airspace. UCOP and other counter-UAS systems connected to UTM will help DHS, Department of Defense (DoD) and First Responders keep the national airspace safe.

“The community of stakeholders around small aircraft in lower altitudes has kicked up,” said Joseph Rios, Chief Engineer of the NASA UTM project. “UTM will create a system for enabling safe, efficient access to low-altitude airspace.”

UTM began as a NASA concept and evolved to a NASA research project that continues today.  This research is building the theoretical foundation for getting drones operating in airspace not typically controlled by FAA Air Traffic Control. Through S&T’s work with DoD, NASA and the FAA, there is a pathway to support a stronger security posture in our nation’s skies. 

Topics: Science and Technology
Keywords: drone, R&D, Science and Technology, UAS, unmanned aircraft systems

For awareness, the Department of Homeland Security has several free resources available that may be of assistance in preventing or mitigating physical security incidents within the electricity subsector. While these are not sector-specific, they...

In a previous blog post FireEye detailed the TRITON intrusion that impacted industrial control systems (ICS) at a critical infrastructure facility in the Middle East. In this blog post FireEye provides additional information linking the threat group's activity surrounding the TRITON intrusion to a Russian government-owned research institute.

Johns Hopkins Applied Physics Laboratory just released a report by Dr. Paul Stockton entitled (and linked here): Resilience for Grid Security Emergencies: Opportunities for Industry–Government Collaboration [hXXp://www.jhuapl.edu/Content/documents/ResilienceforGridSecurityEmergencies.pdf].

The report discusses potential Emergency Orders from the US Department of Energy that come from changes to the Federal Power Act as modified by the Fixing America’s Surface Transportation (FAST) Act.  The statute authorizes the Secretary of Energy to order emergency measures, following a Presidential declaration of a grid security emergency, to protect or restore the reliability of critical electric infrastructure or defense critical electric infrastructure during the emergency. A grid security emergency could result from a physical attack, a cyber-attack using electronic communication, an electromagnetic pulse (EMP), or a geomagnetic storm event, damaging certain electricity infrastructure assets and impairing the reliability of the Nation's power grid.

Last week, Tenable published a broad-ranging vulnerability assessment report that claimed to identify four distinct assessment “styles” leveraged by organizations. According to their research, the results provide insight on vulnerability assessment maturation and how to measure it.

In the report, Tenable indicates that the “utilities industry had the highest proportion of the low-maturity Minimalist style overall.” The report also stated that the “utilities industry showed no representatives who followed the mature Diligent style.”

The company states that the report was based on compiling data (methods and results) from 300,000+ scans on 2,100+ individual organizations across 66 countries over a three-month period (March to May 2018). Their report states that they used machine learning algorithms against that data to develop their findings.

Tenable did not clarify what criteria were used to select participant organizations or how each organization was categorized into the eighteen industry categories detailed in the report. They also did not clarify the number of organizations within the “utility” group that were electricity companies.

Tenable is the company behind the commercial version of Nessus, a vulnerability scanner.

A team of ICS experts who spent the past year studying and re-creating the so-called TRITON/TRISIS malware that targeted a Schneider Electric safety instrumented system (SIS) at an oil and gas petrochemical plant has developed open source tools for detecting it.

The researchers demonstrated how the malware works, as well as a simulation of how it could be used to wage a destructive attack. Nozomi Networks recently released the TriStation Protocol Plug-in for Wireshark that the researchers wrote to dissect the Triconex system's proprietary TriStation protocol. The free tool can detect TRITON malware communicating in the network, as well as gather intelligence on the communication, translate function codes, and extract PLC programs that it is transmitting. 

They subsequently added a second free TRITON defense tool, the Triconex Honeypot Tool, which simulates the controller so that ICS organizations can set up SIS lures (honeypots) to detect TRITON reconnaissance scans and attack attempts on their safety networks. 

While analyzing TRITON, the Nozomi researchers also stumbled on a built-in backdoor maintenance function in the Triconex TriStation 1131 version 4.9 controller.

"We also found two undocumented power users with hard-coded credentials," Nozomi wrote in a blog post today. "One of the power user's login enabled a hidden menu, which from an attacker's perspective, could be useful."