2014 Articles

Friday News and Notes

Get your S4x15 Hotel Reservation at The Surfcomber today or tomorrow. They still have rooms for Tuesday through Friday nights at the $249 conference rate. The non-conference rate is $529. We are in the fourth and final tier of S4x15 registration. Seats 151-190 and...

read more

Whose Code Is It, Anyway?

Threatpost and a handful of other news outlets are reporting on a worm actively exploiting the Shellshock bug against unpatched NASes.  As an aside I find it a bit strange that the attackers are only performing clickjacking attacks — a much more obvious attack...

read more

Friday News & Notes

The big story of the week was from Bloomberg's Robertson & Riley: Mysterious '08 Turkey Pipeline Blast Opened New Cyberwar Era. While the headline isn't correct, the sourcing is anonymous and some of the technical conclusions are wrong, this is a great example of...

read more

ICS Village CTF Update

We have updated the ICS Village page on the S4x15 site. The network diagram is updated so now you will see that there will be Wonderware, Open BACnet stack, and Modicon PLC on the network. The next update will include an almost full list, we will keep a couple of...

read more

Aqualillies at S4x15

The South Beach Pool Party will be at the Surfcomber Hotel on Thursday after the S4 Technical Sessions. We are pleased to announce the entertainment for the party ... The Aqualillies! This synchronized swimming group will perform a few numbers in the great Surfcomber...

read more

S4x15 Advanced Training Classes

S4x15 attendees have some choices for the Friday activity. There is the ICSage: ICS Cyber Weapons conference and now two one-day advanced training classes. We pick classes that will teach students with the right experience a new, leading edge skill in one day. These...

read more

Send In The Drones, S4x15

This year we have a fun addition to the S4 Cocktail Party held on the Kovens Center deck overlooking the Intracoastal Waterway ... drones. We are bringing in CineDrones to let attendees fly a drone through an obstacle course. They claim the drones are virtually...

read more

Kim Zetter Interview & Book Signing at S4x15

We have added Kim Zetter, author of Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon, to the S4x15 Week Agenda. We will have Kim onstage for a live interview as part of ICSage on Friday. I'll have a few questions, but we will open much...

read more

Friday News & Notes

Sean McBride's Finding SCADA Honeypots on Shodan article is a twist on the Internet connected ICS story. He finds 58 Conpots and 67 honeypots listed as Water Control Valve #27. Two points in this article. One, some basic analysis is required to weed out honeypots. And...

read more

ICS Village at S4x15

Stephen Hilt and a team of volunteers are working furiously on the ICS Village for S4x15. The ICS Village at S4x14 had a large amount of ICS devices, 6 different vendor PLC's, HMI, industrial switches, historians, ..., and we allowed attendees to play and attack them...

read more

CRISP: Market Failure and Fools Gold

CRISP (Cyber Security Risk Information Sharing Program) is a US Department of Energy (DoE) program with two related efforts underway to meet the goals. There can be cases where the Market, in this case energy companies, are not sufficient to support a product or...

read more

ABC This Week / Bravo Richard Clarke

This past Sunday's edition of This Week With George Stephanopoulos had a 7-minute segment on critical infrastructure cyber security prompted by the BlackEnergy malware. The lead in by ABC's Pierre Thomas was particularly bad and conflated attacks on company's that run...

read more

Friday News & Notes

The CLUSIF (Club de la sécurité de l’information français) has issued "an overview of existing documents, standards, guidelines and best practices" (link is for the document in English). The 24-page document gives an overview of the most popular and useful documents,...

read more

Friday News & Notes

We added a bunch of info to the S4x15 site including the newly designed banner, see below. We are almost through the first 50 tier ticket pricing (42 sold). "DHS ICS-CERT" and FBI announced, a bit clumsily, that they will be touring 13 cities across the US and...

read more

What Does ICS-CERT Do?

This post was inspired by two tweets from Reid. @SynAckPwn@digitalbond I’d be happy just seeing ICS-CERT publish its internal advisory-handling guideline documents. — K. Reid Wightman (@ReverseICS) October 21, 2014 @SynAckPwn@digitalbond Right now I think the public...

read more

Dynamic Zoning / S4x15 Great Debate

One of the most thought provoking sessions at S4xJapan was Wataru Machii of the Nagoya Institute of Technology's session on Dynamic Zoning in an ICS. One of the great things about S4xJapan is it provides videos and sessions in the Japanese language. The downside is it...

read more

Havex Deep Dive

At S4xJapan in Tokyo I presented on a couple things, this post is about Havex. During the talk I am speaking slowly and plainly as the conference was being simultaneously translated into Japanese. Altering your speaking style to help translators is a good exercise...

read more

S4x15 Is Open For Registration!

We have opened the S4x15 website and registration. There still is a lot to add to the site, like the Conference Hotel, ICS Village CTF, Social Events, Area Info, FAQ, ... But we have always believed it is important to provide attendees with information on the sessions...

read more

On FTDIGate

If you haven’t read up on the latest debacle in hardware security, I recommend reading EEVBlog's writeup, or Sparkfun's blog post, or follow the FTDIGate hashtag on Twitter … For a summary, FTDI (Future Technology Devices, Inc) released a driver update via Windows...

read more

S4x15 Registration Opens Tomorrow

Registration for S4x15 was scheduled to open today at noon. We have a one day delay, and registration will open tomorrow, Friday, at noon EDT. Sorry for the one day delay, but we wanted to get all of the accepted sessions into the site so you know what you will be...

read more

Duplicity, Ineffectiveness & Challenge Pass/Fail

Reid Wightman of Digital Bond Labs presented Vulnerability Inheritance in ICS at S4xJapan, and he posted the video and a technical article yesterday. I'd like to weigh in on the duplicity of 3S, the ineffectiveness of ICS-CERT, and the challenge passed and failed by...

read more

S4x15 Theme & Other ICS Security Events

Registration for S4x15 Week will open this Thursday, and be ready if you want to get one of the 50 lowest cost tickets to the event. We are still working on the one word theme for the event. Some of the leading contenders are Advance, Beyond, and Push. I’ve seen the...

read more

Vulnerability Inheritance in PLCs – CoDeSys V3 Edition

At last week's S4xJapan conference, I gave a talk about insecure-by-design vulnerabilities inherited in PLCs, and provide two vulnerable Japanese PLC vendors as examples of those inheriting security issues. During the talk, I am speaking purposefully slowly -- the...

read more

Friday News & Notes

The biggest story of the week ... we may have the 3rd example of malware targeting ICS. Kyle Wilhoit and Jim Gogolinski of Trend Micro write about Sandworm attacking GE Cimplicity HMI. Interesting pull quote, "As further proof of the malware targeting CIMPILICITY, it...

read more

Protocol Differential Analysis

The term Protocol Differential Analysis needs to make Google as an infosec technique.  I first heard the term from esSOBi at Indianapolis' Circle City Con.  I first encountered the trick, though, in a research lab a few years before: a quick and dirty tool...

read more

Friday News & Notes

Wurldtech announced the Achilles Industrial Firewall. It was hard to understand why GE purchased Wurldtech for their protocol testing, but if they were purchasing this product it begins to makes sense. The pricing for the perimeter model starts at $30K and the field...

read more

S4x15 Registration Info

S4x15 registration will open at noon EDT on October 23rd. Registering early will not only guarantee you a spot at the event, it will also save you some money. We have kept the price for the two-day S4 event at $995 since the first S4 in 2007. We even added a third...

read more

Friday News & Notes

The US Food and Drug Administration (FDA) published Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. We haven't had time to read it yet, but take a look at Patrick Coyle's analysis. Pull quote, "Interestingly, in this section the...

read more

Security Theater ICS Webisode

ICS-CERT published an advisory on web server vulnerabilities in Schneider Electric PLC's including Quantums, Momentums, TSX and other Modicon models. It is a near perfect example of what is wrong with DHS and PLC vendors and in a way the ICSsec community for letting...

read more

Where To Hide Malware In ICS

The folders that ICS applications are installed in are usually configured as exclusions to anti-virus scanning. In some cases, the almost constant updating of the ICS data files leads to unacceptable performance if subjected to anti-virus protection. In other cases...

read more

Redpoint: Schneider/Modicon PLC Enumeration

Our Stephen Hilt released another Project Redpoint script as part of his DerbyCon presentation on Sunday. Modicon-info.nse will identify PLC's and other Schneider Electric/Modicon devices on the network and then enumerates the device. The script pulls information that...

read more

The BASH Bug and You — Lessons in Providing Patches

There is a truism in information security, and it is that everything will eventually be found to be vulnerable. I believe the lesson here should be, 'plan to patch.'  It is tragically common in the embedded device space that vendors don't take this advice. There...

read more

S4x15 CFP Ends Oct 1

The clock is ticking to get your session proposal in for S4x15 Week. Take a look at the full CFP and get it in by October 1. We don't just wait for the CFP responses. We actively chase down researchers and topics. So if you see something that is S4-worthy please send...

read more

Causing A Large Scale Blackout

David Perera of Politico released a good article yesterday on the difficulty of taking out the electric grid. Unfortunately the headline writers missed the mark, "US Grid Safe From Large Scale Attack, Experts Say", and it is difficult to write two very different...

read more

SCADA & Me in Japanese at S4xJapan

We have been working with author Rob Lee and the very helpful Richard Stiennon to translate SCADA and Me - a book for children and management into Japanese. Attendees at our S4xJapan, Oct 14-15 in Tokyo, will receive a free copy of this fun book. It's being printed...

read more

ArchC0n ’14 Report

I spoke at the inaugural ArchC0n in St. Louis this Saturday. The main reason I chose to go to this IT security event was they had Richard Bejtlich, Bruce Schneier and Charlie Miller as keynotes. Quite a haul for the first run. Here are some of the items that I wrote...

read more

S4xJapan Registration Open

The agenda is up and registration is open for the first S4xJapan, Oct 14-15 in Tokyo. There is space for 100 people so register now to get your spot. Tuesday, October 14th is Operations Technology day (OTDay). Attendees will learn proven techniques to run a reliable...

read more

Friday News & Notes

The S4xJapan registration, Oct 14-15, opens on Monday morning, Tokyo time. We have been working hard to make this a Japanese event in terms of session focus, language and fun. For example, Kaspersky generously translated their KIPS experience into Japanese for the...

read more

DEF CON 22 ICS Village

For my first blog post at Digital Bond I’m going to break The Rule and talk about what happened in Vegas. Every year I head to Las Vegas in early August for DEF CON. Usually I’m participating with my fine teammates in the capture-the-flag competition but this year we...

read more

Update To Redpoint BACnet Enumeration

Last week Stephen made a minor, but very helpful, update to the Redpoint script that identifies and enumerates BACnet gateways and devices. All publicly available Redpoint scripts are on our GitHub, and some of the scripts have been integrated into the nmap download....

read more

The RFIDLer, RFID Hacking on a Budget

Digital Bond has started backing Kickstarter projects in order to build up our rack of security assessment and research tools.  One of our recent deliveries is the RFIDler, a low-cost 125khz and 134khz RFID tool.  RFIDler is an interesting project because it...

read more

Friday News & Notes

The US National Institute of Standards and Technology (NIST) is looking to award contracts to build one or more Reconfigurable Control System Cyber Security Testbeds, see diagram below. This could be useful for basic education, that a lot of University programs are...

read more

Digital Bonds Labs Expands…

I am very happy to announce that Corey Thuen will be joining Digital Bond Labs as a researcher and consultant.  Long-time followers of Digital Bond and the S4 conference will know Corey as co-creator of,  "SCADA from Scratch," a project he started with Ken...

read more

Friday News & Notes

Kaspersky issued a research report on Havex they called Energetic Bear - Crouching Yeti after the threat actor. It's probably worth it's own post and worth reading but here are three highlights. On page 15 (HT: Damiano Bolzoni) they describe the Network Scanning...

read more

OT Is Mission Critical IT

You are pounded with the message: ICS security is different than IT security. The fact is the Operations Technology (OT) in an ICS is a mission critical / high value IT system and needs to be treated like one. Don't let the ICS is different argument allow you to...

read more

On Mobile Device ICS App Security

I was talking a while ago to Justin Engler, a friend who also happens to be a really talented web app and mobile app security researcher, about the popping-up of ICS management software for mobile devices.  He theorized that mobile apps for ICS would be an interesting...

read more

Friday News & Notes

After the PG&E substation shooting, FERC had ordered NERC, as the ERO, to develop and submit a Physical Security Reliability Standard within a very short time frame for this type of work. NERC complied and now FERC says they will approve the standard with two...

read more

S4x15 Week: Call for Papers/Presentations

The S4x15 Week Call for Papers/Presentations is now out. Send us your session ideas asap to have the best chance of getting on the agenda. All we need is a short description and time requirement mailed to s4@digitalbond.com. We are calling it S4x15 Week now because it...

read more

Digital Bond Labs Open For Business

Way back at the Spring 2014 ICSJWG meeting, Dale announced that Digital Bond is opening a new division — Digital Bond Labs.  This week, we are officially opened for business...and we are hiring. Digital Bond has a long reputation for building the tools that other...

read more

Even Little Bobby Knows

We are working with Robert M. Lee and his publisher to get SCADA and Me in Japanese for a giveaway on OTDay of S4xJapan (agenda and registration open on Aug 4th). I wish I had the page above as a hidden slide to pull out at ICSJWG last month. While most of my...

read more

Friday News & Notes

Give eWON some credit. They released information that their website was compromised for a short time in January, and issued an updated notice late last week on their home page. Still nothing on the MB Connect or Swiss vendor site to tell customers they may be...

read more

USG Aurora Data Dump

840 pages related to 2007 Operation Aurora. What, if anything, is newsworthy? https://t.co/Iv2hp62kp3— Dan Goodin (@dangoodin001) July 7, 2014 Thanks Dan for the tip. First a reading tip to save you time. Most of the 840 pages are weekly reports from the DHS Control...

read more

UPCOMING EVENTS

 

S4x20 ... Jan 21 - 23 in Miami South Beach

Make sure you mark your calendar for the largest and most advanced OT / ICS Security event. And you can catch up on past S4 on the S4xEvents YouTube Channel.

2019 PAST EVENTS

Sept 19-20 in Sochi, Russia

I'll give a keynote at the Kaspersky Industrial Cybersecurity Conference 2019. I spoke at this event in 2017, and Kaspersky is always a tremendous host.

Sept 12 in Phoenix

I spoke at a private company event.

April 11th in Cebu

A private event where I'll discuss the future of attacks on and defense of Level 1 devices (PLC's). A lot changed in 2018, and this is just a hint as to what is coming.

March 5th in San Francisco

I moderated an event by the Basque Cybersecurity Centre to promote leading edge cybersecurity countries in the region. 

February 4th in New Orleans

Best Practices in Utility Security at Distributech. (See the video) I spoke about Real Time Network and Asset Monitoring at this new event. Lot's to say after the S4x19 ICS Detection Challenge experience.

 

 

2014 Articles

by | May 21, 2019