Get your S4x15 Hotel Reservation at The Surfcomber today or tomorrow. They still have rooms for Tuesday through Friday nights at the $249 conference rate. The non-conference rate is $529. We are in the fourth and final tier of S4x15 registration. Seats 151-190 and...

Threatpost and a handful of other news outlets are reporting on a worm actively exploiting the Shellshock bug against unpatched NASes.  As an aside I find it a bit strange that the attackers are only performing clickjacking attacks — a much more obvious attack...

The big story of the week was from Bloomberg's Robertson & Riley: Mysterious '08 Turkey Pipeline Blast Opened New Cyberwar Era. While the headline isn't correct, the sourcing is anonymous and some of the technical conclusions are wrong, this is a great example of...

We have updated the ICS Village page on the S4x15 site. The network diagram is updated so now you will see that there will be Wonderware, Open BACnet stack, and Modicon PLC on the network. The next update will include an almost full list, we will keep a couple of...

The South Beach Pool Party will be at the Surfcomber Hotel on Thursday after the S4 Technical Sessions. We are pleased to announce the entertainment for the party ... The Aqualillies! This synchronized swimming group will perform a few numbers in the great Surfcomber...

S4x15 attendees have some choices for the Friday activity. There is the ICSage: ICS Cyber Weapons conference and now two one-day advanced training classes. We pick classes that will teach students with the right experience a new, leading edge skill in one day. These...

This year we have a fun addition to the S4 Cocktail Party held on the Kovens Center deck overlooking the Intracoastal Waterway ... drones. We are bringing in CineDrones to let attendees fly a drone through an obstacle course. They claim the drones are virtually...

We have added Kim Zetter, author of Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon, to the S4x15 Week Agenda. We will have Kim onstage for a live interview as part of ICSage on Friday. I'll have a few questions, but we will open much...

Sean McBride's Finding SCADA Honeypots on Shodan article is a twist on the Internet connected ICS story. He finds 58 Conpots and 67 honeypots listed as Water Control Valve #27. Two points in this article. One, some basic analysis is required to weed out honeypots. And...

Stephen Hilt and a team of volunteers are working furiously on the ICS Village for S4x15. The ICS Village at S4x14 had a large amount of ICS devices, 6 different vendor PLC's, HMI, industrial switches, historians, ..., and we allowed attendees to play and attack them...

CRISP (Cyber Security Risk Information Sharing Program) is a US Department of Energy (DoE) program with two related efforts underway to meet the goals. There can be cases where the Market, in this case energy companies, are not sufficient to support a product or...

This past Sunday's edition of This Week With George Stephanopoulos had a 7-minute segment on critical infrastructure cyber security prompted by the BlackEnergy malware. The lead in by ABC's Pierre Thomas was particularly bad and conflated attacks on company's that run...

The CLUSIF (Club de la sécurité de l’information français) has issued "an overview of existing documents, standards, guidelines and best practices" (link is for the document in English). The 24-page document gives an overview of the most popular and useful documents,...

We added a bunch of info to the S4x15 site including the newly designed banner, see below. We are almost through the first 50 tier ticket pricing (42 sold). "DHS ICS-CERT" and FBI announced, a bit clumsily, that they will be touring 13 cities across the US and...

This post was inspired by two tweets from Reid. @SynAckPwn@digitalbond I’d be happy just seeing ICS-CERT publish its internal advisory-handling guideline documents. — K. Reid Wightman (@ReverseICS) October 21, 2014 @SynAckPwn@digitalbond Right now I think the public...

One of the most thought provoking sessions at S4xJapan was Wataru Machii of the Nagoya Institute of Technology's session on Dynamic Zoning in an ICS. One of the great things about S4xJapan is it provides videos and sessions in the Japanese language. The downside is it...

At S4xJapan in Tokyo I presented on a couple things, this post is about Havex. During the talk I am speaking slowly and plainly as the conference was being simultaneously translated into Japanese. Altering your speaking style to help translators is a good exercise...

We have opened the S4x15 website and registration. There still is a lot to add to the site, like the Conference Hotel, ICS Village CTF, Social Events, Area Info, FAQ, ... But we have always believed it is important to provide attendees with information on the sessions...

If you haven’t read up on the latest debacle in hardware security, I recommend reading EEVBlog's writeup, or Sparkfun's blog post, or follow the FTDIGate hashtag on Twitter … For a summary, FTDI (Future Technology Devices, Inc) released a driver update via Windows...

Registration for S4x15 was scheduled to open today at noon. We have a one day delay, and registration will open tomorrow, Friday, at noon EDT. Sorry for the one day delay, but we wanted to get all of the accepted sessions into the site so you know what you will be...

Reid Wightman of Digital Bond Labs presented Vulnerability Inheritance in ICS at S4xJapan, and he posted the video and a technical article yesterday. I'd like to weigh in on the duplicity of 3S, the ineffectiveness of ICS-CERT, and the challenge passed and failed by...

Registration for S4x15 Week will open this Thursday, and be ready if you want to get one of the 50 lowest cost tickets to the event. We are still working on the one word theme for the event. Some of the leading contenders are Advance, Beyond, and Push. I’ve seen the...

At last week's S4xJapan conference, I gave a talk about insecure-by-design vulnerabilities inherited in PLCs, and provide two vulnerable Japanese PLC vendors as examples of those inheriting security issues. During the talk, I am speaking purposefully slowly -- the...

The biggest story of the week ... we may have the 3rd example of malware targeting ICS. Kyle Wilhoit and Jim Gogolinski of Trend Micro write about Sandworm attacking GE Cimplicity HMI. Interesting pull quote, "As further proof of the malware targeting CIMPILICITY, it...

The term Protocol Differential Analysis needs to make Google as an infosec technique.  I first heard the term from esSOBi at Indianapolis' Circle City Con.  I first encountered the trick, though, in a research lab a few years before: a quick and dirty tool...

Wurldtech announced the Achilles Industrial Firewall. It was hard to understand why GE purchased Wurldtech for their protocol testing, but if they were purchasing this product it begins to makes sense. The pricing for the perimeter model starts at $30K and the field...

S4x15 registration will open at noon EDT on October 23rd. Registering early will not only guarantee you a spot at the event, it will also save you some money. We have kept the price for the two-day S4 event at $995 since the first S4 in 2007. We even added a third...

The US Food and Drug Administration (FDA) published Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. We haven't had time to read it yet, but take a look at Patrick Coyle's analysis. Pull quote, "Interestingly, in this section the...

ICS-CERT published an advisory on web server vulnerabilities in Schneider Electric PLC's including Quantums, Momentums, TSX and other Modicon models. It is a near perfect example of what is wrong with DHS and PLC vendors and in a way the ICSsec community for letting...

The folders that ICS applications are installed in are usually configured as exclusions to anti-virus scanning. In some cases, the almost constant updating of the ICS data files leads to unacceptable performance if subjected to anti-virus protection. In other cases...

Our Stephen Hilt released another Project Redpoint script as part of his DerbyCon presentation on Sunday. Modicon-info.nse will identify PLC's and other Schneider Electric/Modicon devices on the network and then enumerates the device. The script pulls information that...

There is a truism in information security, and it is that everything will eventually be found to be vulnerable. I believe the lesson here should be, 'plan to patch.'  It is tragically common in the embedded device space that vendors don't take this advice. There...

The clock is ticking to get your session proposal in for S4x15 Week. Take a look at the full CFP and get it in by October 1. We don't just wait for the CFP responses. We actively chase down researchers and topics. So if you see something that is S4-worthy please send...

David Perera of Politico released a good article yesterday on the difficulty of taking out the electric grid. Unfortunately the headline writers missed the mark, "US Grid Safe From Large Scale Attack, Experts Say", and it is difficult to write two very different...

We have been working with author Rob Lee and the very helpful Richard Stiennon to translate SCADA and Me - a book for children and management into Japanese. Attendees at our S4xJapan, Oct 14-15 in Tokyo, will receive a free copy of this fun book. It's being printed...

I spoke at the inaugural ArchC0n in St. Louis this Saturday. The main reason I chose to go to this IT security event was they had Richard Bejtlich, Bruce Schneier and Charlie Miller as keynotes. Quite a haul for the first run. Here are some of the items that I wrote...

The agenda is up and registration is open for the first S4xJapan, Oct 14-15 in Tokyo. There is space for 100 people so register now to get your spot. Tuesday, October 14th is Operations Technology day (OTDay). Attendees will learn proven techniques to run a reliable...

The S4xJapan registration, Oct 14-15, opens on Monday morning, Tokyo time. We have been working hard to make this a Japanese event in terms of session focus, language and fun. For example, Kaspersky generously translated their KIPS experience into Japanese for the...

For my first blog post at Digital Bond I’m going to break The Rule and talk about what happened in Vegas. Every year I head to Las Vegas in early August for DEF CON. Usually I’m participating with my fine teammates in the capture-the-flag competition but this year we...

Last week Stephen made a minor, but very helpful, update to the Redpoint script that identifies and enumerates BACnet gateways and devices. All publicly available Redpoint scripts are on our GitHub, and some of the scripts have been integrated into the nmap download....

Digital Bond has started backing Kickstarter projects in order to build up our rack of security assessment and research tools.  One of our recent deliveries is the RFIDler, a low-cost 125khz and 134khz RFID tool.  RFIDler is an interesting project because it...

The US National Institute of Standards and Technology (NIST) is looking to award contracts to build one or more Reconfigurable Control System Cyber Security Testbeds, see diagram below. This could be useful for basic education, that a lot of University programs are...

I am very happy to announce that Corey Thuen will be joining Digital Bond Labs as a researcher and consultant.  Long-time followers of Digital Bond and the S4 conference will know Corey as co-creator of,  "SCADA from Scratch," a project he started with Ken...

Kaspersky issued a research report on Havex they called Energetic Bear - Crouching Yeti after the threat actor. It's probably worth it's own post and worth reading but here are three highlights. On page 15 (HT: Damiano Bolzoni) they describe the Network Scanning...

You are pounded with the message: ICS security is different than IT security. The fact is the Operations Technology (OT) in an ICS is a mission critical / high value IT system and needs to be treated like one. Don't let the ICS is different argument allow you to...

I was talking a while ago to Justin Engler, a friend who also happens to be a really talented web app and mobile app security researcher, about the popping-up of ICS management software for mobile devices.  He theorized that mobile apps for ICS would be an interesting...

After the PG&E substation shooting, FERC had ordered NERC, as the ERO, to develop and submit a Physical Security Reliability Standard within a very short time frame for this type of work. NERC complied and now FERC says they will approve the standard with two...

The S4x15 Week Call for Papers/Presentations is now out. Send us your session ideas asap to have the best chance of getting on the agenda. All we need is a short description and time requirement mailed to s4@digitalbond.com. We are calling it S4x15 Week now because it...

Way back at the Spring 2014 ICSJWG meeting, Dale announced that Digital Bond is opening a new division — Digital Bond Labs.  This week, we are officially opened for business...and we are hiring. Digital Bond has a long reputation for building the tools that other...

We are working with Robert M. Lee and his publisher to get SCADA and Me in Japanese for a giveaway on OTDay of S4xJapan (agenda and registration open on Aug 4th). I wish I had the page above as a hidden slide to pull out at ICSJWG last month. While most of my...

Give eWON some credit. They released information that their website was compromised for a short time in January, and issued an updated notice late last week on their home page. Still nothing on the MB Connect or Swiss vendor site to tell customers they may be...

840 pages related to 2007 Operation Aurora. What, if anything, is newsworthy? https://t.co/Iv2hp62kp3— Dan Goodin (@dangoodin001) July 7, 2014 Thanks Dan for the tip. First a reading tip to save you time. Most of the 840 pages are weekly reports from the DHS Control...