A selection of this week’s more interesting vulnerability disclosures and cyber security news. In addition to last week’s train system honey pot, a similar theme appeared in my feed this week. Having spent some years in manufacturing, and integration of SCADA systems into the rest of a company’s business infrastructure I often became horrified at the lack of authentication between critical control devices within these supposedly isolated networks. This then all comes crashing down when given comments of ‘just stick it behind a fire wall, it will be fine, oh and can you create a VPN tunnel through for our engineers’.

I understand that these systems operate often had high speed, especially when you have large robots and heavy automation that requires instant response especially in a human safety situations. Nevertheless, any rouge device that can breach it and at least poke at some known faults or even flood the network with junk causing erratic behaviour could still do serious damage.

Even outside industrial areas such as the standard office network, we often let our guard down and trust too much. Google have long been working on a new approach to boundaries which I’ve been following and though complex could be interesting in the long term:

 

And the rest:

Weekly Cyber Security News 17/02/2017
twitterlinkedinmail