2014 Articles

CIPC Meeting, St. Louis – Part 1

CIPC met this past week in St. Louis, with a good agenda of cyber, physical, and compliance items. A bit of background for non-CIP folks, the CIPC stands for Critical Infrastructure Protection Committee, an advisory panel to NERC and the ES-ISAC "in the security...

read more

S4x14 Presentation: PLC Code Protection

We lost three S4x14 videos due to technical difficulties at the end of the day on Wednesday. One of them was a great session from Stephen Dunlap and Jonathan Butts of the Air Force Institute of Technology entitled PLC Code Protection. The presentation slides from that...

read more

DNP3 User Group Politics

It is close to a universal truth that vendors in all industries do not handle their first vulnerability disclosure incident well. We now know the same is true of User Groups with the DNP3 User Group as an example. The widespread DNP3 implementation  vulnerabilities...

read more

Friday News & Notes

Sean McBride of Critical Intelligence asserted at an RSA session it was a contractor named NEDA that introduced Stuxnet into Natanz. Mark Clayton broke the news in this article, and here is a link to Sean's RSA slides. Industrial Defender announced ASM support for the...

read more

Certifications, Frameworks & Mud-Slinging

Last week there was an entertaining SCADASEC thread on the new SANS/GIAC Global Industrial Cyber Security Professional (GICSP) certification. To get your GICSP you take the 5-day SANS Course ICS410: ICS/SCADA Security Essentials and then get 69% or better on the...

read more

S4x14: Bryan Owen’s 15 in 15

Bryan Owen and OSIsoft have been supporters of ICS security research for almost a decade now. And Bryan had another interesting and pithy 15 minute session at S4x14. He covers 15 cyber incidents from around the world that affected their products and company ... and...

read more

Friday News & Notes

Patrick Coyle covers the new effort by the American Water Works Association (AWWA) to develop a Cybersecurity Guide and Cybersecurity Online Tool that attempts to follow the NIST Cybersecurity Framework. TechCrunch reports that Siemens Venture Capital "is launching a...

read more

S4x14 Video: Eireann Leverett’s Red/Blue Live

A live demo often leads to a presentation disaster, but this was not enough of a challenge of Eireann. He decided to run a Red Team / Blue Team exercise live on the S4 stage. http://vimeo.com/85361869 The target was a Siemens SCALANCE switch with a known...

read more

Mining Malware – Generating Data For Searches

The idea for mining malware for evidence of targeting automation came out of reading several papers on Stuxnet that discussed the methods used to intercept calls to the S7 PLC. To summarize, Stuxnet replaced the Siemens stock s7otbxdx.dll with a new version that...

read more

Monday News & Notes

Sorry for the delay, but lot's of news. ISASecure has launched the System Security Assurance (SSA) certification --- "a system-level cybersecurity certification for industrial automation and control systems (IACS) products." Very ambitious and something we will write...

read more

S4x14 Video: Keltner/Thomas Harvard Architecture Exploitation

Nathan Keltner and Josh Thomas of Atredis dove into hardware hacking with a focus on the Teridian System on Chip (SoC). The Teridian SoC is widely used in the smart meter market and is based on the Harvard Architecture. Nathan and Josh explain the differences between...

read more

JPCERT Conference Coverage and Comment

This was the 7th year that JPCERT put on an ICS Security Conference in Tokyo. The conference hall had a capacity of 300 people, and it was sold out weeks before the event. Of course the price was very appealing --- free. Great to see the increased interest having...

read more

HRTShield Build – Step 1

At S4x14 this year, there was a great talk about using an Ardunio Shield to communicate via the HART Protocol by Alexander Bolshev. Michael Toecker Blogged about this talk earlier, read his blog for more details about the talk. As the talk shows the Ardunio shield is...

read more

S4x14 Video: Stephen Hilt on PLCpwn

PLCpwn is a Digital Bond project that Stephen Hilt led and presented at S4x14. It was inspired by the Power Pwn that we had used with a number of clients to help them realize ignoring the physical security perimeter might be a mistake. http://vimeo.com/85668729...

read more

Why PLCpwn Is Important for ICS Cyber Weapons

After hearing about PLCpwn, S4 vet Jake Brodsky over on SCADA Perspective wrote "Only problem: If you have physical access to the network of a PLC or to the PLC itself, you own it. End of story. That's very unlikely to change." While the ICS community still is...

read more

Friday News and Notes

A very brief Friday News and Notes ... Critical Intelligence reports that Shodan is now scanning the default PROFINET port (TCP/34962). Last September Shodan added DNP3 to its scan list. S4x13 vet Ali Abbassi has released a "very basic Modbus fuzzer" on GitHub. This...

read more

S4x14 Video: Highfill’s Unsolicited Response

We encourage passionate disagreement and promotion of new, maybe slightly crazy concepts at S4 through Unsolicited Responses. Attendees can submit their idea for a 5 minute talk, with or without slides, at the event. Some are serious; some are funny. Normally we don't...

read more

NERC CIP Technical Conference in Atlanta

With all the furor about S4 over the past week, our readers may have missed some of the developments on the NERC CIP front. Last week, NERC and electric power representatives (and a bunch of us consulting folks) met in both Phoenix and Atlanta for a one-day conference...

read more

S4x14 Video: Matthew Theobald – Applying SDL To Legacy Code

We hear all the time about the lifecycle of ICS software and hardware being measured in decades rather than years. So even if new code goes through a security development lifecycle (SDL), the ICS community has a large amount of legacy code with latent vulnerabilities...

read more

Friday News & Notes

The NY Times reported NSA Devises Radio Pathway Into Computers. This program fits perfectly into my Preparation and Persistence talk at ICSage and the motivation behind the PLCpwn. I'll have more on this when we post the PLCpwn video, but readers can think about the...

read more

S4x14 ICS Village Stories

As discussed in an earlier blog, attendees of S4x14 wanted to interact with ICS devices they may not have seen before, or even in some case just wanted more practice with devices they know quite well.  It also allowed people from the novice to the advanced to have...

read more

Shot Through the HART – S4x14

At the S4x14 conference in Miami this past week, Alexander Bolshev of ERPScan gave an presentation on his work on the Highway Addressable Remote Transducer protocol (HART). HART is a commonly used industrial protocol for communication over legacy 4-20 ma...

read more

A Walk Through the ICS Village

Last Monday was a busy day for Digital Bond and volunteers at S4x14 setting up the ICS Village. Starting with laying out and setting up networks for attendees of the conference to utilize to reach the devices inside the ICS Village. As shown in previous blogs, there...

read more

S4x14: Dale Peterson Mini Keynote – Next

The ICS Security Research Community is healthier than it has ever been. That's my conclusion based on the S4x14 sessions and what I discuss in my 11-minute mini-keynote you can watch below. http://vimeo.com/84615727 S4x13 was all about 0days. Session after session...

read more

S4x14 Press Roundup

Every year we invite a small number of press to cover S4. We typically pick a couple from the technical press and others from the more mainstream press, and we try to get reporters with a history of covering ICS security. This is not only because they are likely to...

read more

S4x14 Update: ICS Village First Look

<<< ICSage on Friday is sold out, but there are still spots available for S4x14 and OTDay. Register now.>>> The ICS Village is another new addition to S4 in 2014. We want to provide an environment where attendees can attack, defend and interact with...

read more

S4 Week Social Events

Meeting and reconnecting with your peers is a big part of any conference. S4x14 draws a unique, highly technical and international attendee base --- this year over half the attendees are from outside the US (see agenda, courses, hotels and register here). In...

read more

UPCOMING EVENTS

Accenture Operation: Next Closing Keynote ... March 24th

Dale will speak on Creating The Future of OT and ICS Security

S4x22 ... 25-27 Jan 2022 in Miami South Beach

Save the date. Big comeback event after one year off!

2021/2020 Past Events

ICS CYBERSEC 2021 Israel ... February 11th

Dale spoke on the topic of Less

Fortinet Secure OT 2020 Virtual 

Dale's keynote on Innovation Through Disruption.

Hack The Capitol Virtual

Led panel discussion on VC for ICS Security companies

OT-ISAC Virtual Keynote

ICSJWG Virtual Meeting

The Future of ICS Security Products (video)

S4x20 in Miami South Beach

See the videos from the event.

 

2014 Articles

by | May 21, 2019