Volunteering falls short on threat information sharing

[InfoSec News <alerts () infosecnews org>]

http://www.csoonline.com/article/720881/volunteering-falls-short-on-threat-information-sharing

By Taylor Armerding
CSO
November 06, 2012

Critical infrastructure security apparently has its own version of Don't 
Ask, Don't Tell, despite calls in the public and private sector for 
better information sharing.

And this one goes both ways. The private sector is not telling the 
government about its vulnerabilities, and government is also keeping 
threat and vulnerability information from the private sector.

Reuters reported last week that two scheduled presentations at the 12th 
ICS Cyber Security Conference about a nuclear power plant's possible 
vulnerabilities to cyberattacks were cut at the last minute, after an 
equipment supplier to the plant threatened to sue.

The unnamed vendor reportedly said the presentations would have revealed 
too much about its equipment, even though the plant's officials had 
approved the presentation.

The threatened suit was not an isolated instance. Those at the 
conference were also told that "a security firm that had uncovered the 
thousands of pieces of control equipment exposed to online attacks did 
not tell U.S. authorities where they were installed because it feared 
being sued by the equipment owners," Reuters reported.

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org