Author: admini

“They put in Windows with no intention of ever patching it, and then they are surprised when they get hit by a worm,” Graham says. Or they avoid patching and vulnerability testing because these processes pose risks of their own for SCADA systems –introducing other bugs to their highly sensitive and uptime-demanding systems, for instance. “They are managed by a Pearl Harbor-type mentality,” Graham says.

Attacks exploiting the latest OPC bugs could be avoided if logins were required in the app because the attacker needs login privileges to do his dirty work.

“Auditing is not as in-depth in my opinion or as transparent for SCADA” as it is for other industries. And some security experts say commercial IDS/IPS, antivirus, and SIM products don’t really fit for SCADA.

Mark Fabro, CEO of Lofty Perch, which makes SIM solutions for the water utility industry as well as other critical infrastructure companies, says commercial IDS/IPS and SIM systems don’t map well to industry control systems, where there are thousands of different protocols, many of them proprietary.

http://www.darkreading.com/document.asp?doc_id=121887

Lynette Copland, who works at Carmarthenshire College in west Wales, successfully sued her employer for breaching the Human Rights convention. Mrs Copland said there had been a “clash of personalities” with Mr Wrentmore, who left the college shortly after the episode for reasons of ill health and who died in January.

It was argued the monitoring was to determine whether Mrs Copland was using the college’s facilities for “personal purposes.” But the European Court of Human Rights ruled that the surveillance without her knowledge “amounted to an interference with her right to a private life”. At the time of the offences there was no general right to privacy in English law but the implementation of the Human Rights Act in 2000 legally protected privacy rights in domestic law.

Liberty said the ruling, on 3 April, meant employers would have to make employees aware if their communications could be monitored and there would have to be a good reason for such monitoring in every case.

http://news.bbc.co.uk/2/hi/uk_news/wales/6559873.stm

Analysts at the Farmington, Conn.-based company studied data from media reports, as well as several industry analyst reports, to develop the tool’s proprietary algorithms.

“Until now, organizations have struggled to assess the scope of their financial risk should they be hit with a data loss incident,” said Adam Sills, a lead underwriter with Darwin, in a written statement.

According to Darwin, organizations can use the Tech//404 Data Loss Cost Calculator to estimate their financial exposure in three categories: internal investigation expenses; customer notification and crisis management expenses, and regulatory/compliance expenses.

http://www.darkreading.com/document.asp?doc_id=121698&WT.svl=cmpnews2_1