Weekly Newsletter of Industrial Cybersecurity
Industrial Cybersecurity Center
Weekly Newsletter

April 27, 2015

No. 100



100 newsletters

On June, 3rd, 2013, the first issue of the newsletter that you are reading, now, on your tablet’s screen was released; thus, materializing the "first public action of the Industrial Cybersecurity Center" –established only two months earlier, as underlined our fellow Samuel, Nacho and Jose, founders of the Centre, in their "Introduction" which headed that initial number.

It rained somewhat since then, particularly in recent months, as promptly we've been reporting. However, despite changes, it has been the wish of those who now accompany Jose in front of the Center, maintaining fidelity to the editorial line that faultlessly adopted for just over a year and a half our friend Nacho, former weekly’s editor.

Fidelity which, in our view, has not prevented incorporating small "improvements" in the Center’s editorial discourse, as the ongoing, since recent months, reference to the Board of Directors’ role on Industrial Cybersecurity oversight, the consolidation of subsection "CCI Library" within the newsletter’s "Documents" section, or other; all of them transferred to our other channels, as Twitter (@info_CCI), or the new “ICS, Industrial Cyber Security (by @info_CCI)” magazine, which different editions  -web, Android and iOS-  have started gathering your attention.

Attention that is but a reflection of what the “Newsletter”, which number of subscribers now exceeds seven hundred, has been increasingly grabbing for 100 weeks. Evidence, in turn, of the strength of "The CCI Ecosystem"!

Such support and, no doubt, that of our sponsors, both current and past, is what has given us the boost to get here. Naturally, we thank you all.

And what better way to thank than presenting this special issue, for which we have adopted a logo according to the occasion; and for which we have revisited what has been published so far, to select those contents that have aroused the most interest among you. We bring them to you in the "News" section and we wish you find them an as enjoyable reading as the first time.

We are also announcing today the launch of CCI’s new report "State of the Industrial Cyber Security in Spain. Edition 2015" and we are providing you with the traditional sections “Documents”, “Events” and “Thoughts”.

Enjoy reading, at least as much as we enjoy bringing the “Newsletter” to you every week! And, by the way, I urge you to other one hundred weeks.

Miguel García-Menéndez, Editor



CCI's "Status of Industrial Cybersecurity landscape in Spain. 2015 edition" just released (Spanish edition)
An update of last year's report, it provides a comprehensive vision of Spain's Industrial Cybersecurity market, since the point of view of both, infrastructure operators and engineering firms/cybersecurity vendors. The report offers a comparation between 2013 and 2014 findings, too.
Link [ES]
NSA’s ANT Division Catalog of Exploits for Nearly Every Major Software/Hardware/Firmware
After years of speculation that electronics can be accessed by intelligence agencies through a back door, an internal NSA catalog reveals that such methods already exist for numerous end-user devices.
The spanish government creates the National Cybersecurity Council
The council will have as its main objective to improve the coordination of different public organizations facing cyberspace threats.
The first Ibero-american Industrial Cybersecurity Congress has taken place.
The celebration of the first Industrial Cybersecurity Ibero-american Congress has been a great success of attendance as well as of contents. For the first time in Ibero-america, actors from every scope related to Industrial Cybersecurity have been reunited in a common ground.
Ciber-suspect. A game and a cybersecurity awareness tool
The Industrial Cybersecurity Center has developed the first spanish cybersecurity board game where players assume the role of a cybersecurity researcher who must discover where, how, why and who has caused a cyber-incident in an industrial plant.
Everything you know about cyberwar is wrong
Author and security expert Peter W. Singer explains what we really need to know about cyberthreats - and what we need to do about them.
Massive cyberattack against energy companies
According a Symantec report, more than one thousand energy facilities in Europe and the US have been cyber-attacked. Spain is the most affected country.
Link [EN]
2013 Cyber Attacks Statistics
Global statistics summarizing the information security landscape for the past year.
The most ever complete catalogue of cyber-risks (1976-2014)
Peter G. Neumann's catalogue on "Illustrative Risks to the Public in the Use of Computer Systems and Related Technology".
Link [EN]
International Space Station Infected With USB Stick Malware
Kaspersky revealed that Russian astronauts carried a removable device into space which infected systems on the space station.
Comic: XP in production environment
Otto comic character warns about XP running production.
Link [EN]


CCI Library
Industry reports, strategic analysis, best practice guidance and assessment toolkits compound a quality bibliographic bookset, focused on Industrial Cyber security and brought to you by CCI Analysis & Research.
Link [ES]
Thirteen reasons why hype makes for bad policy [PDF]
Robert M. Lee and Thomas Rid give a critical, buy realistic, viewpoint on how hyping out cybersecurity is not so good. It may result counterproductive.
Link [EN]
Hackers: the Internet's immune system [Video]
The beauty of hackers is that they force us to evolve and improve. By exposing vulnerabilities, they push the Internet to become stronger and healthier, wielding their power to create a better world.
Link [EN]
Internet of Things [PDF]
The Web is now ubiquitous. It can be found in our homes, our cities, our businesses... Even on our day-to-day devices, from a refrigerator to our illumination systems have become a source of data with the objective of making our lives easier. It's the new Internet revolution.
Link [EN]


May, 13, 2015. CCI's 10th "The Voice of the Industry" Conference (Bilbao, Spain)
10th edition of CCI's quarterly networking and cybersecurity experience & knowledge sharing event involving the most relevant automation industry players. Attendants will meet the main solutions & services currently available to protect their industrial processes and underlying OT infrastructure.
Link [ES]
June, 2-3, 2015. CCI's 4th International Industrial Cybersecurity Congress (Buenos Aires, Argentina)
The "4th International Industrial Cybersecurity Congress" organized by Spain-based CCI will be held on June, 2nd & 3rd, 2015, at "Novotel" hotel, Buenos Aires, ARGENTINA. Pre- and post-congress session will be held on June, 1st and 4th.
Link [ES]
April, 28-30, 2015. iQPC's "ICS Cyber Security Europe 2015" conference (London, UK)
Held under Chatham House rules, ICS Cyber Security, Europe 2015 will unite Cyber Security professionals with Control Systems managers and SMEs to address related issues and more.
Link [EN]
May, 7, 2015. CCI present at "Private Security Day in Catalonia. 4th Edition" (Barcelona, Spain)
Co-organized by "Seguritecnia" magazine, the event will take place at Port of Barcelona's ZAL Auditorium. The CCI Ecosystem will be represented by panelist Miguel García-Menéndez, CCI's Corporate Governance & Strategy Principal, who will be discussing "Cybersecurity: Digital Crime".
Link [ES]
May, 10-14, 2015. CCI present at Dome Exhibitions' ICS Cyber Security Energy & Utilities Forum & Exhibition (Abu Dhabi, UAE)
CCI will be present at ICS Cyber Security Energy & Utilities Forum & Exhibition, to be held in Abu Dhabi, on May, 10th-14th, via its MEA co-ordinators Samuel Linares, Nacho Paredes & Ayman Al-Issa.
Link [EN]
May, 12, 2015. CCI collaborates in Thales Spain's session on "Integral Protection of Critical Infrastructures" (Madrid, Spain)
The event aims to bring a plural viewpoint on the issue of protecting critical infrastructures. More information at +34 91 415 01 00 or
Link [ES]
May, 19-20, 2015. SCASSI's "Critical Systems (SCADA, ICS, ...) Security" Course (Madrid, Spain)
The course aims to analyze the security aspects (risk, countermeasures, ...) of several kind of critical systems (air-space, industrial manufacturing, ...) as well as their life-cycle stage (inception, deployment, implementation, exploitation, ...). Date: 19th & 20th, May, 2015. Venue: Madrid (Spain).
Link [ES]
May, 26-29, 2015. APWG's Symposium on Electronic Crime Research, eCrime 2015 (Barcelona, Spain)
For 2015 APWG will combine it's Spring and Fall meetings into one four day event that will bridge the gaps between cybersecurity operations, research and consumer messaging. eCrime 2015 will look at the operational challenges and development of common resources and best practices for first responders and forensic professionals.
Link [ES]
September, 28-30, 2015. CCI partners with Cyber Senate's "Industrial Control Cybersecurity Europe" (London, UK)
Cyber Senate's "Industrial Control Cybersecurity Europe" conference has been designed to enhance dialogue and information sharing between public and private sectors, providing participants an opportunity to contribute and engage on some of the most pressing security threats surrounding critical national infrastructure. Our vision as a collective to enhance resilience and the adoption of cybersecurity controls within the Water, Oil, Gas, Electric and Nuclear sector. CCI members receive a 10% discount. Cyber Senate will validate CCI's membership.
Link [EN]
October, 12-14, 2015. CCI partners with Cyber Senate's "Industrial Control Cybersecurity USA 2015" (Sacramento, USA)
Cyber Senate's "Industrial Control Cybersecurity USA 2015" conference has been designed to enhance dialogue and information sharing between public and private sectors, providing participants an opportunity to contribute and engage on some of the most pressing security threats surrounding critical national infrastructure. Our vision as a collective to enhance resilience and the adoption of cybersecurity controls within the Water, Oil, Gas, Electric and Nuclear sector. CCI members receive a 10% discount. Cyber Senate will validate CCI's membership.
Link [EN]


  • The NSA doesn’t want backdoor entry to your systems, they want front door access. Dan Swinhoe (@DanSwinhoe), Staff writer, IDGconnect.
  • What marks this industry out is that something that starts as a cyber attack can have a very devastating physical impact. Simon Goldsmith (@Goldsmith_Cyber), Director Cyber Security, BAE Systems Applied Intelligence.


In compliance with Organic Law 15/1999, on Protection of Data of a Personal Nature (hereinafter referred to as LOPD), you, as a subscriber of this newsletter, are informed that your data will be included in a file titled "Clientes y Proveedores" owned by the Centro de Ciberseguridad Industrial (hereinfater referred to as CCI) and that you allow the processing of data in order to send you periodically by e-mail the aforementioned newsletter. In accordance with the LOPD you will be entitled to execute your right of access, rectification, cancellation and objection to such data, at Centro de Ciberseguridad Industrial, c/Maiquez 18, 28009, Madrid attaching a photocopy of your National Identity Card or appropriate identification document.
Copyright © 2015 Centro de Ciberseguridad Industrial, All rights reserved.
Email Marketing Powered by Mailchimp