http://www.csoonline.com/article/720881/volunteering-falls-short-on-threat-information-sharing By Taylor Armerding CSO November 06, 2012 Critical infrastructure security apparently has its own version of Don't Ask, Don't Tell, despite calls in the public and private sector for better information sharing. And this one goes both ways. The private sector is not telling the government about its vulnerabilities, and government is also keeping threat and vulnerability information from the private sector. Reuters reported last week that two scheduled presentations at the 12th ICS Cyber Security Conference about a nuclear power plant's possible vulnerabilities to cyberattacks were cut at the last minute, after an equipment supplier to the plant threatened to sue. The unnamed vendor reportedly said the presentations would have revealed too much about its equipment, even though the plant's officials had approved the presentation. The threatened suit was not an isolated instance. Those at the conference were also told that "a security firm that had uncovered the thousands of pieces of control equipment exposed to online attacks did not tell U.S. authorities where they were installed because it feared being sued by the equipment owners," Reuters reported. [...] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.orgReceived on Tue Nov 06 2012 - 23:45:14 PST
This archive was generated by hypermail 2.2.0 : Tue Nov 06 2012 - 23:46:38 PST