Perspectives on the SolarWinds Incident

The article of record as published may be found at https://doi.org/10.1109/MSEC.2021.3051235A significant cybersecurity event has recently been discovered in which malicious actors gained access to the source code for the Orion monitoring and management software made by the company SolarWinds and inserted malware into that source code. This article contains brief perspectives from a few members of the IEEE Security & Privacy editorial board regarding that incident

Data Diodes in Support of a Power Grid Trustworthy Cyber Infrastructure

Industrial Control Systems (ICS) are an integral part of the industrial infrastructure providing for the national good. While sharing basic constructs with Information Technology (IT) business systems, ICSs are technically, administratively, and functionally more complex and unique than business IT systems. Critical infrastructure protection focuses on protecting and maintaining a safe and reliable supply of electric power, oil, water, gasoline, chemicals, food, etc. Cyber vul-nerabilities are important if they can affect the safe, functional performance of these systems and processes. The majority of ICS exhibit vulnerable devices with unsecured physical access and/or subject to insider attack. In this whitepaper, we advocate trusted process control networks as a way to address the serious cyber security flaws which combines both white/black listing into a design philosophy that addresses information warfare scenarios, software process monitoring and an attack recognition and management architecture

SCADA Cyber Security Testbed Development

Abstract — New technologies are increasing the vulnerability of the power system to cyber security threats. Dealing with these threats and determining vulnerabilities is an important task for utilities. This paper presents the development of a testbed designed to assess the vulnerabilities introduced by using public networks for communication. I

Detection and Identification of Fungal Pathogens by PCR and by ITS2 and 5.8S Ribosomal DNA Typing in Ocular Infections

The goal of this study was to determine whether sequence analysis of internal transcribed spacer/5.8S ribosomal DNA (rDNA) can be used to detect fungal pathogens in patients with ocular infections (endophthalmitis and keratitis). Internal transcribed spacer 1 (ITS1) and ITS2 and 5.8S rDNA were amplified by PCR and seminested PCR to detect fungal DNA. Fifty strains of 12 fungal species (yeasts and molds) were used to test the selected primers and conditions of the PCR. PCR and seminested PCR of this region were carried out to evaluate the sensitivity and specificity of the method. It proved possible to amplify the ITS2/5.8S region of all the fungal strains by this PCR method. All negative controls (human and bacterial DNA) were PCR negative. The sensitivity of the seminested PCR amplification reaction by DNA dilutions was 1 organism per PCR, and the sensitivity by cell dilutions was fewer than 10 organisms per PCR. Intraocular sampling or corneal scraping was undertaken for all patients with suspected infectious endophthalmitis or keratitis (nonherpetic), respectively, between November 1999 and February 2001. PCRs were subsequently performed with 11 ocular samples. The amplified DNA was sequenced, and aligned against sequences in GenBank at the National Institutes of Health. The results were PCR positive for fungal primers for three corneal scrapings, one aqueous sample, and one vitreous sample; one of them was negative by culture. Molecular fungal identification was successful in all cases. Bacterial detection by PCR was positive for three aqueous samples and one vitreous sample; one of these was negative by culture. Amplification of ITS2/5.8S rDNA and molecular typing shows potential as a rapid technique for identifying fungi in ocular samples