GE announced the long awaited successor to the decrepit and insecure D20 — the D20MX. This time it appears to be real as some asset owners are expecting demo/trial shipments in a matter of weeks. From the site, “Built-in cyber security features such as Remote Authentication Dial-In User Service (RADIUS), Role Based Access Control (RBAC), and user activity logging, provide a complete security toolkit required to achieve NERC-CIP compliance.” Let’s hope many of the insecure by design “features” have also been addressed. This is potentially great news if they have added the right functionality and had a reasonable SDL.
Michael Assante, formerly of NERC and INL, is now a co-founder of NexDefense, an ICS security product company. There is little information available on the NexDefender Suite product line they will bring to market.
Tweet of the Week
Worth Reading Articles
- SCADASEC Overview of Project SHINE (identifying Internet accessible ICS devices)
- Wired’s The Next Big OS War Is In Your Dashboard, 100K lines of code; pull quote: “‘The theme I hear time and time again from every single one of our customers is you’ve got to help us move at the pace of consumer electronics,’ Derek Kuhn, vice president of sales and marketing for QNX Software Systems, told Wired. ‘It’s no longer acceptable to innovate at the pace of automotive.'”
Critical Intelligence’s ICS Security Event Calendar Updates
- TCIPG Webinar, How Extended Unix Tools Can Measure the Changing Security Posture of Process Control Networks, Jan 4
- Distributech ICS Security Sessions, Jan 31 in San Diego, California
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.