Public Safety Canada Daily Infrastructure Report
The Public Safety Canada Daily Infrastructure Report is a compilation of summaries of publicly available emergency management information concerning critical infrastructure.
A summary of feedback results is now available.
DIR10-143 - July 27, 2010
News
CCIRC releases advisory AV10-023: Siemens SIMATIC "WinCC" or Siemens "Step 7" software vulnerabilities
On July 27, Public Safety Canada's Canadian Cyber Incident Response Centre (CCIRC) released advisory AV10-023 to raise awareness of recently discovered malware targeting Siemens SIMATIC "WinCC" or Siemens "Step7" control system software. Supervisory Control and Data Acquisition (SCADA) systems that use Siemens SIMATIC WinCC or Step7 software are vulnerable to newly discovered pieces of malware. Both products are widely used in many critical infrastructure sectors. Siemens has released a fix to address this specific issue. CCIRC recommends that organizations liaise with the administrators/maintainers of affected assets and commence requisite remediation planning/implementation as soon as possible.
Source article – Public Safety Canada, July 27, 2010
CCIRC provides a list of recent and archived security publications.
Iran was prime target of SCADA worm
On July 23, Network World reported that computers in Iran have been hardest hit by a computer worm that tries to steal information from industrial control systems. The worm seeks out Siemens SCADA (supervisory control and data acquisition) management systems, used in large manufacturing and utility plants, and tries to upload industrial secrets to the Internet. According to data compiled by Symantec, nearly 60% of all systems infected by the worm are located in Iran. Indonesia and India have also been hard-hit by the malicious software, known as Stuxnet. Judging by the dates on digital signatures generated by the worm, the malicious software may have been in circulation since as early as January.
Source article – Network World, July 23, 2010
Cisco releases 2010 Midyear Security Report
On July 22, Cisco released their 2010 Midyear Security Report. Cisco indicated that businesses must change their mindset on security to help ensure their networks and vital corporate information are protected from evolving security threats. Tectonic shifts – the increasing use of social networking, the proliferation of network-connected mobile devices, and virtualization – continue to alter the security landscape. As a result, enterprise professionals must act immediately to put effective security practices into place in order to protect their companies' reputation and maintain a competitive edge. The report outlines five recommendations for improving corporate security. The report also includes several other findings and concludes with recommendations to help enterprises strengthen their security.
Source article – Cisco, July 22, 2010
Cisco provides the full 2010 Midyear Security Report (PDF, 7.81 MB).
“Caffeinating” Children and Youth report
On July 26, an online editorial in the Canadian Medical Association Journal stated that caffeinated energy drinks pose a serious threat to the health of children and young people who are vulnerable to the effects of caffeine. According to the authors of the editorial, inadequate labelling, lack of awareness of caffeine’s harmful effects, and marketing campaigns that appeal to children and youth call for stronger government regulations.
Source article (PDF, 41 KB) – Canadian Medical Association Journal, July 26, 2010

Cyber tracking
CCIRC security publications
Over the course of the past 24 hours, CCIRC has released the following security publications, which provide details on specific vulnerabilities and suggested mitigation strategies:
- AV10-023: Siemens SIMATIC "WinCC" or Siemens "Step 7" software vulnerabilities
CCIRC provides a list of recent and archived security publications.
Threat and vulnerability monitoring
CCIRC is currently tracking the following computer-based threats and vulnerabilities for relevant impact on Canadian critical infrastructure. Personnel responsible for information, systems and network security should continue to monitor and apply appropriate security precautions.
- Item Description: Researcher Pinpoints Widespread Common Flaw Among VxWorks Devices
Source article – DarkReading, July 20, 2010

Relevant links
Below are links to sites related to Canada’s critical infrastructure.
- Food Recalls and Allergy Alerts
Canadian Food Inspection Agency
- Health Advisories, Warnings and Recalls
Health Canada
- Disease Outbreak News
World Health Organization
- Travel Health Notices
Public Health Agency of Canada
- Transportation - Safety
Transport Canada
- Travel Reports and Warnings
Foreign Affairs and International Trade Canada
- Weather warnings for Canada
Environment Canada
- Earthquakes
Earthquakes Canada
- Hurricanes
Canadian Hurricane Centre
- Hurricanes
U.S. National Hurricane Center
- News Releases
Infrastructure Canada

Note to readers
Public Safety Canada collects information related to cyber and physical threats to, and events concerning, Canadian critical infrastructure. This allows Public Safety Canada to monitor and analyze threats and to issue alerts, advisories and other information products.
Links to sites not under the control of the Government of Canada are provided solely for the convenience of users. The Government of Canada is not responsible for the accuracy, currency or the reliability of the content. The Government of Canada does not offer any guarantee in that regard and is not responsible for the information found through these links, nor does it endorse the sites and their content.
Public Safety Canada respects the Official Languages Act and is committed to ensuring that information products are available in both English and French. However, users should be aware that some links direct users to sites of organizations or other entities that are not subject to the Official Languages Act and that these sources are only available in the language in which they are written.
