The ‘Cybersecurity and cyber resilience in the Swiss electricity supply’ report by the Swiss Federal Office of Energy concludes that the electricity industry needs to take action on cybersecurity.
The electricity supply is most likely the most important of all critical infrastructures in a modern, digitalised society. In the Swiss Confederation, the electricity supply network is heavily fragmented – there are around 600 power plants supplying homes and businesses in the network. Unlike other critical infrastructures, the electricity sector must be viewed as a complex overall system from the perspective of cybersecurity. In view of the threat situation, this gives rise to major challenges.
Inside-it.ch columnist Martin Leuthold of the Switch Foundation has analysed the report entitled ‘Cybersecurity and cyber resilience in the Swiss electricity supply’ and gives his thoughts on four proposals made by the Swiss Federal Office of Energy (SFOE).
Who are the key market players in Switzerland?
The report starts by using the term ‘boundary conditions’ to propose that the SFOE define mandatory requirements and/or a risk-based minimum standard for key market players. In terms of the criteria for defining ‘key market players’, reference is made to the practice in neighbouring countries, which makes sense. How these parameters should be defined in Switzerland, however, remains unanswered. Realistically, the focus should initially be on 20 to 30 leading energy firms. We recommend looking for ways in which the many small utility suppliers can also be included in parallel with the industry.
In the world of operational technology, programmable logic controllers (PLCs) control physical elements such as a municipal water supply system, the room temperature in offices or a chocolate bar packaging machine. Twenty years ago, manufacturers promoted their PLCs as compliant with the IEC 61131 standard. Today, the standard is well established and supported by all major PLC suppliers. To program a PLC, five programming languages are defined:
IEC 61131-3 language
Ladder Diagram (LD): Looks like an electrical diagram
Function Block Diagram (FBD): Contains elements from Boolean algebra / digital technology
Structured Text (ST): Similar to Pascal or C
Instruction List (IL): Has its roots in the assembler language
Sequential Function Chart: Graphical elements for programming e.g. batch programming
An electrician will likely choose Ladder Diagram as programming language. Someone who is used to programming in a high-level language will most probably use Structured Text. Often it is a mixture: functions or libraries are written in ST, while the “glue logic” is written in Function Block Diagram.
There are more than 2.6 million podcasts available on Spotify. For every possible topic you can find experts, famous people or entertainers talking about it. Among podcasts revolving around politics, sports, psychology, crime or history, there are also some that put the topic of information security in the spotlight.
A lot of security, but no awareness
If you are working in security awareness there is not much in it for you though. Most podcasts on security cover the topic by inviting one phishing simulation provider. But as you know, there is so much more to it!
This is why Marcus Beyer (Security Awareness Officer at Swisscom) and I decided to start our own podcast on security awareness only: Security Awareness Insider (in German).
FluBot is a new Android malware first discovered in December 2020. During its first few months, FluBot was active in Spain, Hungary and Poland. Since then, the development of the malware has advanced quickly and the malware has set foot in almost all European countries.
On the 18th of June 2021, FluBot version 4.6 was spotted, which added a configuration for Switzerland. As of today it is actively being spamvertized through SMS.
FluBot is known by different names. The name “FluBot” is the best known because it was the name given in the first public technical write-up. The best-known aliases are:
January 2021, ThreatFabric was the first to give it the name “Cabassous” in a Twitter post
March 2021, ProDaft published a detailed technical report and gave it the name “FluBot”
April 2021, IBM Trusteer took a deeper look at the different FluBot versions and gave it the name “FakeChat”
FluBot is distributed using smishing (a combination of the words SMS and phishing). The victim receives an SMS with a link to a URL which distributes the APK. The installation is straightforward using sideloading.
BIND 9.16 has improved DNSSEC support to the point where it can (finally) be called simple to use. This is excellent news for DNS administrators because it means there are now several options (viable alternatives being Knot DNS or PowerDNS) which make DNSSEC simple to deploy.
Six years ago we wrote a blog post about BIND 9.9 and its new in-line signing support. This article got a lot of views, but at some point we had to put a warning message on the blog post stating vaguely that we would no longer recommend the method described. The main reason was that DNSSEC with BIND 9.9 still contained many manual steps which could not be configured in named.conf. Key roll-overs in particular caused headaches for administrators. If you cannot upgrade to BIND 9.16, the old blog post might still be useful. But in this case, we recommend omitting key roll-overs altogether.
However, now that we have BIND 9.16, you can just make some configuration changes to named.conf and it’s all done. Now let’s take a closer look at how you can enable DNSSEC for your domain name.
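The kind of named.conf change referred to above, as an added example that is not taken from the original post: it contrasts a zone statement in the older in-line signing style with a BIND 9.16 zone that uses the built-in default dnssec-policy. The zone name example.com and the file paths are placeholders.

```conf
// Older style (BIND 9.9 in-line signing), shown commented out for comparison.
// Keys had to be created by hand with dnssec-keygen and placed in
// key-directory; key roll-overs were driven manually, outside named.conf.
//
// zone "example.com" {
//     type master;
//     file "/var/lib/bind/db.example.com";
//     key-directory "/var/lib/bind/keys";
//     auto-dnssec maintain;
//     inline-signing yes;
// };

// BIND 9.16 style: the key and signing policy is declared in named.conf.
// "default" is the policy built into BIND; named creates the signing key
// itself and keeps the zone signed.
zone "example.com" {
    type master;
    file "/var/lib/bind/db.example.com";   // unsigned zone file you edit
    dnssec-policy default;                 // built-in policy
    inline-signing yes;                    // sign a separate copy, leave the file untouched
};
```

Running named-checkconf after editing catches syntax errors before the server is reloaded.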
We used Debian 10 (aka buster) which comes with BIND 9.11 at the time of writing. We used the BIND9 packages provided by ISC, who offer BIND 9.16 in the “BIND 9 Stable” repository. Please head over to ISC Packages for BIND 9 for instructions on how to use the ISC packages directly.
Once you have added the ISC BIND 9 Stable repository, install bind9, the bind9 utils and the bind documentation:
apt-get install bind9 bind9-dnsutils bind9-doc
You now have a running bind9 instance. You can check its running state with systemctl: