The Industrial Control System CERT released an advisory this week warning of a vulnerability in a popular sensor monitoring system used in a number of critical industries, including energy, water and manufacturing.

SAN JUAN, Puerto Rico – The world of SCADA and industrial control system vulnerabilities is starting to mirror that of IT security, not only in the demonstration and exploitation of zero-day vulnerabilities, but in the brokering of flaws and exploits between hackers and organizations interested in buying research.

Never underestimate what you can do with a healthy list of advanced operator search terms and a beer budget. That’s mostly what comprises the arsenal of two critical infrastructure protection specialists who have spent close to nine months trying to paint a picture of the number of Internet-facing devices linked to critical infrastructure in the United States.

Scott Tousley, deputy director cybersecurity division at Department of Homeland Security Science & Technology, is an advocate of integrating cybersecurity education into all disciplines of IT and business and risk management. “We don’t want to teach cybersecurity as a stovepipe, but to do it so that it makes sense in overall teaching,” Tousley said.

When it comes to cybersecurity and critical infrastructure, there are generally more questions than answers. And for the last 10 months or so, the volume of concern and uncertainty has ramped up, largely because there’s little in the way of productive information sharing on threats, a serious lack of centralized leadership coordinating cybersecurity efforts among public and private sector interests, and attacks and vulnerabilities run largely unabated.

Miami, Florida – A no-holds barred presentation at the S4 Conference laid bare the woeful state of security for many industrial control systems that power the world’s critical infrastructure. Organizers have also cooperated with security scanning firms Rapid7 and Tenable to release modules for the Metasploit and Nessus products that can test for the discovered security holes.