
Twitter hack causes markets to plunge

When we founded OSA a few years back it seemed likely that we would soon inhabit a world where IT Security and the management of IT Risks would be a crucial part of the equation to ensure that our society and its industrial, commercial and economic systems functioned effectively. There was already a strong case for ensuring that computing architectures were secure for financial services, but the importance of security for Industrial Control Systems, and the need for social networking and information providers to maintain high levels of integrity, was far less clear.

The pace of change has been surprising. We have seen sophisticated malware attacks on factory and process automation systems for critical infrastructure and utilities, and a dramatic escalation in the skill of attackers: from script kiddies looking for recognition amongst their peers, to well-funded criminal gangs exploiting credit card information, and finally to nation states and espionage.

Given this backdrop, the impact of the latest Twitter hack caught my eye last week:

http://www.guardian.co.uk/business/2013/apr/23/ap-tweet-hack-wall-street-freefall

Whether this was used for financial gain remains open to speculation, but the impact of this attack in an era of high frequency trading was dramatic, and the opportunity to exploit misinformation on this scale for significant financial gain is unquestionable.

It certainly suggests that an investment in two-factor authentication is a worthwhile addition if you have a high profile Twitter account. Perhaps we will see some form of trust mark evolving for those accounts or information sources that are more trustworthy and have a certified degree of integrity...

Another day, another large-scale hack...

There have been a remarkable number of news items lately on hacking operations uncovered at large organisations, where attackers exfiltrated significant volumes of data and went undetected for six months or more. The QinetiQ example that Wired mentions is typical of the breed.

Chinese 'Comment Crew' hackers emptied QinetiQ of top-secret military data

We're working on an Advanced Persistent Threats Pattern at the moment, which will be loaded into the library as a draft shortly for comments. If you have experience in this space and would like to comment, please get in touch on the Info@ email address.

Thanks, OSA Core Team


OSA changes

We've been very quiet at OSA for the last 18 months, as the Core Team members have been busy on other projects. However it's not long until Spring (we hope), and in line with the awakening of life in the Northern Hemisphere we are planning a spring clean and freshen up for the site.

On the list of changes are:

  • Two new patterns for PCI and Advanced Persistent Threats
  • Updates to the Cloud Pattern (one of our most popular)
  • New social features to replace the old bulletin board (PHP3 and a bit clunky)
  • New mappings for the controls catalogue to PCI-DSS and SANS critical 20
  • A refresh to simplify some of the existing patterns
  • Better unification with TOGAF and SABSA
  • More guidance on determining Risks and Control Selection
  • Last but not least we will finalise the threat catalogue

We are also pleased to welcome a new core team member who will bring a wider set of security experience in the Architecture space, as well as deep experience of building secure computing systems for a wide range of government and private organisations.

In recent months we have received an increased amount of interest in contributing, and we'll be back in touch soon to share details on how we plan to make that easier.

Thanks, OSA Core Team

Serious security holes in Siemens Control Systems

More Siemens vulnerabilities have come to light. See the article at Ars for more info http://arstechnica.com/security/news/2011/08/serious-security-holes-found-in-siemens-control-systems-targeted-by-stuxnet.ars

It seems that good security basics, securing the perimeter and the general environment, remain key, as set out in the pattern we put together a while back.

Update 3rd October 2011

One of our contributors to OSA (thanks Herbert) has studied the Siemens S7 vulnerabilities mentioned above. He comments that:

"for native communication via RFC 1006 (TCP port 102) you don't need any authentication, so an S7 CPU should always be protected by defense in depth".

Please see http://www.us-cert.gov/control_systems/ for more details
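To make the point above concrete (no authentication on the native RFC 1006 / TCP port 102 path, hence the reliance on the perimeter and defense-in-depth pattern mentioned earlier), here is an added example, written for this post and not code from OSA, Siemens or any vendor library. It decodes the TPKT/COTP connection request that opens an S7 session, shows that the only thing the CPU is given to check is the called TSAP (rack/slot), and then runs a simple segmentation audit over constructed flow records against an allow-list of engineering stations. The frames, IP addresses, subnet and host list are all constructed for illustration.

```python
"""
Added example (not from OSA or Siemens): decode the RFC 1006 / COTP handshake
that opens an S7 session on TCP port 102, then check which hosts open such
sessions against an allow-list of engineering stations.  All frames,
addresses and host lists below are constructed for illustration.
"""
import struct
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ISO_TSAP_PORT = 102            # RFC 1006: ISO transport on top of TCP
COTP_CR, COTP_DT = 0xE0, 0xF0  # COTP Connection Request / Data TPDU codes
P_TPDU_SIZE, P_SRC_TSAP, P_DST_TSAP = 0xC0, 0xC1, 0xC2
S7_PROTOCOL_ID = 0x32


@dataclass
class S7ConnectRequest:
    src_tsap: bytes
    dst_tsap: bytes
    tpdu_size: int

    @property
    def rack(self) -> int:       # called TSAP byte 2 = (rack << 5) | slot
        return (self.dst_tsap[1] >> 5) & 0x07

    @property
    def slot(self) -> int:
        return self.dst_tsap[1] & 0x1F


def strip_tpkt(frame: bytes) -> bytes:
    """Validate the 4-byte TPKT header (version 3) and return the COTP TPDU."""
    if len(frame) < 4 or frame[0] != 0x03 or frame[1] != 0x00:
        raise ValueError("not a TPKT frame")
    (length,) = struct.unpack("!H", frame[2:4])
    if length != len(frame):
        raise ValueError(f"TPKT length {length} != frame length {len(frame)}")
    return frame[4:]


def parse_connect_request(frame: bytes):
    """Return an S7ConnectRequest if the frame is a COTP CR, else None.

    Note what is absent: no credential, no nonce, no signature.  The CPU only
    checks the framing and the called TSAP before accepting the session."""
    tpdu = strip_tpkt(frame)
    li = tpdu[0]                       # length indicator (excludes itself)
    if len(tpdu) < li + 1:
        raise ValueError("truncated COTP TPDU")
    if tpdu[1] & 0xF0 != COTP_CR:
        return None
    # fixed part after the code byte: dst-ref(2) src-ref(2) class/option(1)
    params, i = tpdu[7:li + 1], 0
    src = dst = b""
    size = 0
    while i + 2 <= len(params):        # variable part: code, length, value
        code, plen = params[i], params[i + 1]
        value = params[i + 2:i + 2 + plen]
        if len(value) != plen:
            raise ValueError("truncated COTP parameter")
        if code == P_SRC_TSAP:
            src = value
        elif code == P_DST_TSAP:
            dst = value
        elif code == P_TPDU_SIZE:
            size = 1 << value[0]       # encoded as log2 of the TPDU size
        i += 2 + plen
    return S7ConnectRequest(src, dst, size)


def is_s7_job(frame: bytes) -> bool:
    """True if a COTP Data TPDU carries an S7comm 'job' PDU (protocol id 0x32)."""
    tpdu = strip_tpkt(frame)
    return (len(tpdu) >= 5 and tpdu[0] == 2 and tpdu[1] == COTP_DT
            and tpdu[3] == S7_PROTOCOL_ID and tpdu[4] == 0x01)


def audit_s7_sessions(flows, engineering_hosts, plc_network):
    """Flag S7 connection requests into plc_network from hosts that are not
    approved engineering stations.  flows: (src_ip, dst_ip, dst_port, payload)
    for the first client packet of each TCP flow (constructed input)."""
    allowed = {ip_address(h) for h in engineering_hosts}
    plcs = ip_network(plc_network)
    findings = []
    for src, dst, port, payload in flows:
        if port != ISO_TSAP_PORT or ip_address(dst) not in plcs:
            continue
        cr = parse_connect_request(payload)
        if cr is not None and ip_address(src) not in allowed:
            findings.append(f"{src} -> {dst} rack {cr.rack} slot {cr.slot}: "
                            "S7 session opened by unapproved host")
    return findings


# Constructed sample traffic: a typical S7 CR (called TSAP 01 02 = rack 0,
# slot 2) and the S7 'setup communication' job that follows the COTP CC.
CR_FRAME = bytes.fromhex("0300001611e00000000100c1020100c2020102c0010a")
SETUP_FRAME = bytes.fromhex("0300001902f08032010000000000080000f0000001000101e0")
SAMPLE_FLOWS = [
    ("10.0.10.5", "10.0.20.11", 102, CR_FRAME),    # approved engineering station
    ("10.0.50.77", "10.0.20.11", 102, CR_FRAME),   # office-LAN host reaching the PLC
    ("10.0.50.77", "10.0.20.11", 80, b"GET / HTTP/1.0\r\n\r\n"),  # not port 102
]


def demo():
    """Run the audit over the constructed flows (hypothetical allow-list)."""
    return audit_s7_sessions(SAMPLE_FLOWS, ["10.0.10.5"], "10.0.20.0/24")


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The audit reports exactly the office-LAN host, because nothing in the handshake itself could have refused it: the CPU cannot tell an engineering workstation from any other host that can reach port 102. That is why the control has to live in the network (segmentation, a firewall that only admits the engineering subnet to port 102 of the PLC VLAN) rather than in the protocol.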