2011 Articles
ICSJWG Day Two Report
The semi-annual Industrial Control System Joint Working Group Conference is traditionally the best place to catch up with everyone in the ICS Security community. DHS puts on a solid program, and there is a certain feeling you need to be here even though there have...
Luigi Vuln Updates … Good News
The mass of vulnerabilities and related proof-of-concept exploit code released by Luigi Auriemma were a new event and test to the ICS world. Let's take a look at the progress one month later - - and it is good news. Siemens First, my prediction that Siemens would not...
DHS Needs To Point Finger At Self – Not Private Industry
Statements by DHS Secretary Janet Napolitano just knocked be off my 12-step program to stop Stuxnet blogging. She was quoted in a Computer World article saying: "The key thing we learnt from Stuxnet was the need for rapid response across the private sector," DHS...
Oddities in FPL Hoax Emails
The ICS Security Community had an interesting event, or perhaps a test, this weekend with the false report of a FPL Wind Farm in New Mexico being hacked. So far we know of a similar, but not identical, emails providing details of the hack hoax being sent to three...
TCIPG Research Efforts – Updated
The Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) is an academic research effort led by University of Illinois and funded by the US Department of Energy and DHS. And at almost $19M for five years, it is not a small effort. Even prior to this...
Siemens Starts To Step Up To Address Stuxnet
Siemens and McAfee announced today that McAfee's Application Control whitelisting product has been tested or modified to work with a variety of Siemens PC-based products that were compromised by Stuxnet. (HT: Smart Grid Security Blog) We have been very critical of...
Ambition and Refresh
I'm seeing two trends in the anecdotal evidence collected in 2011 while on-site with asset owners, primarily pipeline SCADA and power plant DCS: ambition in the security program and attention to reasonable computer and network equipment lifetimes. While the sample...
Transpara Visual KPI for ICS Data on Smart Phones
The preponderance of ICS security professionals recoil with the concept of smart phones having any role in SCADA or DCS. As covered in an early blog entry, there is a big difference between using smart phones for control and using them to view data that has been...
Boredom / Not Better Limiting Vuln Response Bashing
I was taken to task in a conversation at the OSIsoft User Conference - - why didn't Digital Bond and others rip into the vendors and ICS-CERT over the response to Luigi and other SCADA security vulnerabilities as in times past? He went on to explain that the ICS-CERT...
OSIsoft User Conference News & Notes
The OSIsoft User Conference was bulging at the seams with about 1500 eager attendees, and it seemed like even more. It was a very upbeat group looking for what else they could do with the data they are collecting. User Groups in general are so much more optimistic and...
OSIsoft: No, No, … Yes
I have always been amazed by Pat Kennedy and OSIsoft's ability to say no and then the implementation skill to make it pay off. With a dominant installed base in the Energy Sector and significant market share in other process related industries, OSIsoft resisted...
Interview with Luigi Auriemma of 34 0day ICS Vulnerabilities
Luigi Auriemma, of yesterday's 34 0day ICS vulnerabilities, was kind enough to answer some questions we had. I would have preferred a podcast, but neither my Italian nor his English allowed that. I have slightly edited his responses for English/clarity, but I've been...
Smartphone and iPad Access To ICS
The ICS security community is seeing a lot of new products and advertisements offering the ability to monitor and control your process from anywhere with a smartphone or iPad. The trend is almost certainly going to increase with the growing market penetration and...
Another Subcommittee Hearing . . . Yawn
The U.S. House Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies had another panel/hearing on "Examining the Cyber Threat to Critical Infrastructure and the American Economy". This link has the video of Chairman Lungren's opening...
NERC CIP Violations
NERC publishes a monthly Key Compliance Trends presentation that has interesting statistical detail on NERC violations, about half of the violations are CIP. This is actually good, detailed info that someone who is immersed in the NERC CIP could really use to track...
Now ISA Has A Cyber Threat Gap Analysis Task Group
Our last post was on the NERC Cyber Assessment Task Force. Although this is a distraction from the NERC CIP next version, it makes sense for NERC to look at how to detect and isolate an attack on a large segment of the bulk electric system. I'm sure it is just a...
NERC Cyber Assessment Task Force
We had a note on the new NERC Cyber Assessment Task Force in the Friday News and Notes blog. Here's some more information and thoughts based on the Powerpoint from the CATF conference call. "The primary intent of the CATF is to consider the impact of a coordinated...
Public / Private Partnership
One of the buzzwords and oft stated goals is to develop a successful public / private partnership, and this came up quite a bit at Smart Grid Security East. Perhaps we are mistaken in expecting it to regularly work or even believe that it can be successful in most...
Does Innominate Help Against Stuxnet?
Innominate has a PR type sending around a recent white paper, Post‐Stuxnet Industrial Security Zero‐Day Discovery and Risk Containment of Industrial Malware with the Innominate mGuard Technology. My last info on Innominate was they had a field firewall,...
Sensus Achieves “Achilles Practice Certification” – Good but How Good?
photo © 2006 Elizabeth Ellis | more info (via: Wylio)Wurldtech issued a press release yesterday announcing Sensus, a company that offers AMI solutions, had achieved the Achilles Practice Certification (APC). The APC is an Achilles certification based on the WIB...
What Does $25M Annually Buy? DHS CSSP Program
photo © 2008 Purple Slog | more info (via: Wylio)The US Department of Homeland Security Control System Security Program (DHS CSSP) is probably the USG's biggest effort to improve ICS security across the critical infrastructure sectors. But the question was always how...
FERC Performance Audit Re: NERC CIP
An interesting but somewhat confusing document was issued this week by the Dept of Energy, Audit Report: Federal Energy Regulatory Commission's Monitoring of Power Grid Cyber Security. This audit, performed by the DoE Office of Inspector General, assesses FERC's...
Control Microsystems Handles Vulns Professionally
photo © 2010 Tactical Technology Collective | more info (via: Wylio) I was really looking for a good news story today after some recent gloom and doom blog entries. Thankfully ICS-CERT issued an advisory today for some fixed ClearSCADA vulns that Digital Bond found...
Cybersecurity Responsibility?
George Gary Mintchell of Automation World/Feed Forward Blog and I have had a difference of opinion on the Automation Press in a few areas including the kid gloves treatment of Siemens regarding Stuxnet. He has a blog on this titled "Cybersecurity Responsibility",...
ICS-CERT Year In Review Fails To Look In Mirror
It's a great idea for ICS-CERT to write a year in review document, especially with sections on lessons learned. That said it is so disappointing to see ICS-CERT continue to ignore the PLC/RTU ramifications of Stuxnet, fail to acknowledge their serious mishandling of...
Zigbee in Smart Grid – The Fuse Is Lit
A press release from Ember announced the company had record revenues in 2010 and that they shipped 10 million Zigbee chips last year. From the press release: Ember's strong growth was fueled by smart meter deployments worldwide, where Ember's ZigBee chips and software...
Managing and Controlling External Devices
One of the many things that I noticed at a plant is that there are no security controls for protecting against unauthorized devices from being connected to the control system servers and workstations. This had me thinking about the Data Loss Prevention (DLP)...
MS Attack Surface Analyzer: A Deeper Look
In my first post on the Attack Surface Analyzer, we looked at the basic function and how it fits into the SDL. For this post, we'll take a deeper look at some of the information the tool provides and a bit about the process used to get that information. As I mentioned...
ICS Vendor Security Strategies – Security Development Lifecycle
A major difference in ICS vendor’s security strategies is how much effort they are putting on security throughout the product lifecycle, or their Security Development Lifecycle (SDL). Put another way, how secure is their own code from common programming mistakes that...
Believe It or Not: Stuxnet Advisories Are Lacking
Stuxnet continues to be in the news: control system, infosec and general. It is widely covered with fact, theory, analogies and crazy conjecture, with the recent articles comparing the WellinTech vuln to Stuxnet being the latest foolish article and the NYT research...
Scoring The 2006 Energy Sector Security Roadmap
Roadmap to Secure Energy Delivery was published for comment. It is a revision of the 2006 Energy Sector Security Roadmap that has subsequently been highly leveraged/copied by other sectors. Before diving into the revised Roadmap, let's take a quick look at how the...
ICS Vendor Security Strategies
A recent ARC Advisory Group analysis of the ABB / Industrial Defender security partnership has me thinking about the different ICS vendor security strategies. I can think of at least four different strategies and will blog on them this week. Let's start with the...
Automating Security Perimeter Monitoring/CIP-5
We are back on the Portaledge project, and if our loyal readers remember this year's tasks are to develop the capability for the PI Server to perform the automated security monitoring for CIP-5 and CIP-7. These modules, as will a NERC CIP approach, will work for any...
Characterizing Disclosed ICS Vulns
The activity of disclosed ICS vulnerabilities has increased gradually over the years and significantly since Stuxnet. A quick look at the last five products with published vulns on ICSCERT leads to two easy conclusions: The security community is locating free trial...
Stuxnet Hints to the Future of Next Gen Vuln Platform?
The initial focus of Stuxnet was the Windows 0days and impact on the PC's. Slowly people started to focus on the impact to the PLC's and process. But I hadn't heard much about Stuxnet as a new vulnerability exploit platform approach until the Pauldotcom interview with...
Article Archive By Year
Article Archive By Category
UPCOMING EVENTS
S4x24 ... 4 - 7 March 2024 in Miami South Beach
Save the date. For the biggest and most future focused on ICS Security Event.