2015 Articles

Attacking CANBus – Part 2

In part 1 we looked at what CAN is and what the difference between CAN and OBDII traffic is on a vehicle network. In this part we’re going to look at simple reverse engineering techniques to determine which CAN IDs are of interest to us. For this exercise, we’d like...

read more

S4x16 Moves To South Beach

Save the date: S4x16 is January 12-16 S4x16 is moving to the Fillmore Miami Beach at Jackie Gleason Theater in the heart of South Beach. It's literally 3 blocks from the beach, 1 block from Lincoln Road and right in the middle of all the SoBe...

read more

Attacking CANBus – Part 1

I thought I’d take a step back after releasing tools and presenting on CAN to do a quick intro into what communications are going on inside a vehicle anyway. What is CANBus? What is OBDII? Is there a difference? We’re going to skip all the electrical fun parts, the...

read more

iSight Partners Acquires Critical Intelligence

Belden buys Tofino, GE buys Wurldtech, Lockheed Martin buys Industrial Defender and now iSight Partners acquires Critical Intelligence. The trend continues of larger organizations buying ICS security expertise. Bob Huber and Sean McBride left Idaho National Labs...

read more

S4x15 Video – Creating Secure ICS Protocols

At S4x14 Adam Crain of Automatak, along with Chris Sistrunk, presented the results of their Project Robus that fuzzed DNP3 stacks and found most had problems with processing malformed or illegal responses. This year at S4x15 Adam talked about Avoiding Insecurity...

read more

Lies, Damned Lies and Statistics – Part 2

Part 1 covered the need to pull and publish more useful information from the gathered ICS incident and vulnerability data. Part 2 covers "Are the numbers intentionally misleading? 245 Incidents Reported To ICS-CERT in 2014 Means What? The big statistic picked up by...

read more

Lies, Damned Lies and Statistics

"There are three kinds of lies: lies, damned lies, and statistics." Mark Twain (purportedly quoting Benjamin Disraeli) The latest edition of the ICS Monitor, last week's USA Today articles and the reemergence of Joe Weiss's secret database warrant a hard look at the...

read more

S4x15 Video – Ginter on Embedding Malware in ICS Protocols

Andrew Ginter of Waterfall Security Solutions speaks on Embedding Malware in ICS Protocols. His conclusion is this is harder than one thinks. The easier solution might be to use the SQL server, web server, ftp server, or other commonly exploited protocols that...

read more

ICSage Video: Eireann Leverett on Catastronomics

Eireann Leverett of the University of Cambridge Centre for Risk Studies looks at control system related catastrophe scenarios and the economic impact of these scenarios with an eye towards how insurance and reinsurance policies will be written and priced. Admittedly...

read more

Unsolicited Response Podcast: SANS ICS 410 Course & GICSP

Episode 2015:2 SANS ICS Security Training and Certification SANS provided four individuals for our Unsolicited Response podcast on the 5-day ICS 410: ICS/SCADA Security Essentials training course and the related Global Industrial Cyber Security Professional (GICSP)...

read more

Tool Release – CANBus Protector

Continuing in the line of CANBus research and tools release I'd like to announce some quick work on a proof-of-concept CANBus IPS called, unoriginally, the CANBus Protector. I took some time to work on defense of CAN after conducting a lot of vulnerability...

read more

Save The Date: S4xJapan is Nov 5-6 in Tokyo

Digital Bond is pleased to announce the 2nd edition of S4xJapan will be held on November 5 - 6 in Tokyo. The event will be in the Mori Building, Roppongi Hills. The Academy Hills facilities on the 49th floor were perfect for the event last year. The room where the...

read more
S4x15 CTF ICS Village Page

S4x15 CTF ICS Village Page

The Capture The Flag (CTF) contest in the ICS Village at S4x15 was a big hit. We have had numerous requests from attendees and those that heard about it for more information and data. So Stephen has put together a page of information. The page includes: Examples...

read more

ISA99 – Safety and Security

ISA99 Working Group 7 has a draft document out entitled "Recommendations to align safety and security for industrial automation control systems". The document begins by noting the failed efforts to find a "mathematical coupling" between Safety Integrity Level (SIL)...

read more

Tool Release – Digital Bond CANBus-Utils

I'd like to make a quick post with the release of some CANBus analysis tools I wrote. The tools are written in javascript using nodejs, which comes preinstalled on the Beaglebone black -- my hardware of choice when doing CAN analysis. I wrote up a brief README on...

read more

IIoT – What’s In A Name

 First in a series on IIoT, Industrial Internet and Industrie 4.0. I attended the ARC Forum last month in Orlando, and the theme was what ARC has coined as the Industrial Internet of Things (IIoT). Theme does not accurately describe the emphasis. Every...

read more

S4x15 Video: ICS Malware with Kyle Wilhoit

Kyle Wilhoit has found and analyzed a large portion of the ICS malware found in 2014 / 2015. He goes into the details of: - The Sandworm group looking for Internet exposed HMI and their targets - Blacken / Black Energy targeting the GE Cimplicity HMI - Havex scanning...

read more

S4x15 Video: Kaspersky Control System OS

Kaspersky announced their project to develop a Control System OS back in October 2012. We tried to get them to present some details on the design criteria and goals at S4x13 and S4x14 without success. So we were very happy to have Andrey Nikishin give a session...

read more

Get The ICS Security Research Newsletter

The ICS Security Research Newsletter has been dormant for a while now, but Reid Wightman and the team at Digital Bond Labs has resurrected it. They are committed to at least a quarterly issue in 2015. The first issue for 2015 includes: Information on the IBAL...

read more

ARC Forum Event

The ARC Advisory Group invited me to participate in one of the security panels at the annual ARC Forum this week in Orlando. It's an event I always wanted to check out so I spoke and attended. Here are some brief thoughts from the event. The best part of the event is...

read more

S4x15 Video – Introducing IBAL for IDA Pro

Digital Bond Labs has been using the IDA Pro API to extend it and make it even more useful for gray / black box testing. At S4x15 Reid Wightman, who heads up the Labs, introduced the first IDA Binary Analysis Library (IBAL) that are released for public consumption on...

read more

The bots will find you

I thought I would write a quick post to share some interesting web logs. I set up a very temporary server to make the CANBus Hacking class materials available for attendees. The server was available for about a week and not connected to anything or linked from...

read more

S4x15 Video – Remote Control Automobiles

S4 in January is a great way to start off a new year. This year I had a session entitled "Remote Control Automobiles" where I analyzed an OBD-II dongle from Progressive that is designed to track vehicle usage for insurance purposes. It's a cellular enabled...

read more

Time to Get Progressive With ICS / IoT Cyber Security

Today we posted the video of Corey Thuen's S4x15 Technical Session on the insecure by design Progressive Snapshot dongle. Progressive responded with a statement to a Forbes reporter: if an individual has credible evidence of a potential vulnerability related to...

read more

ICS vendors still falling short on security response

While at S4, Digital Bond Labs had a security advisory published by ICS-CERT (see ICSA-15-013-03).  One thing that we tried to do differently with releasing information on the issue this time around was to reach out to vendors that were obviously using...

read more

S4x15 Video – The Pragmatic Pwn of ICS

Bryan Singer and Lily Glick start off the S4 Technical Sessions with a great presentation they named The Pragmatic Pwn of ICS. They focus on the engineering aspects of a cyber attack and the defense of a process using a distillation column (making 80...

read more

S4x15 Mini Keynote … Now What?

Here is my short, 13-minute introduction to S4x15. After going into a brief review of S4x12, x13 and x14, it covers the theme of S4x15 and where ICS security research is heading. https://vimeo.com/117940030/ Assume an attacker has gained a presence on the ICS, such as...

read more

S4x15 CTF Winners, Drone Footage & the SCADA Diva

Stephen had an article yesterday on the ICS Village / Capture The Flag (CTF) competition at S4x15. We also will be putting up a page with more info on the flags, techniques and pcaps in the next week. In the meantime, check out the interview with the winning team....

read more

S4x15 Capture the Flag

This year at S4x15, Digital Bond set out to create an ICS  Capture The Flag, or CTF. Flags were created to simulate real world situations that an attacker would encounter if he targeted an ICS. By the end of the CTF, there were over 30 teams playing. Most of the...

read more

S4x15 OTDay Presentations Are Up

We have posted the presentations from Tuesday's Operations Technology Day (OTDay) of S4x15. The purpose of OTDay is to provide very practical information on how to apply mission critical IT technology and processes to OT. There were 150 people in attendance for this...

read more

15 Reasons to be Optimistic about ICS Security in 2015

This is the companion article to our 15 Reasons to be Pessimistic about ICS Security in 2015 that we ran on Friday. On Wednesday I'll lay out what to look forward to in 2015 based on these two contrasting articles. Many of the items below come from experiences with...

read more

15 Reasons to be Pessimistic about ICS Security in 2015

If this is too depressing, wait for Monday's article 15 Reasons to be Optimistic about ICS Security in 2015. Almost all ICS protocols are still insecure by design with no end in sight. Access to ICS = Compromise.Most potentially influential organization, US Department...

read more

UPCOMING EVENTS

Sept 19-20 in Sochi, Russia

I'll give a keynote at the Kaspersky Industrial Cybersecurity Conference 2019. I spoke at this event in 2017, and Kaspersky is always a tremendous host. Hopefully some of my Russian followers will be there.

S4x20 ... Jan 21 - 23 in Miami South Beach

Make sure you mark your calendar for the largest and most advanced OT / ICS Security event. And you can catch up on past S4 on the S4xEvents YouTube Channel.

2019 PAST EVENTS

April 11th in Cebu

A private event where I'll discuss the future of attacks on and defense of Level 1 devices (PLC's). A lot changed in 2018, and this is just a hint as to what is coming.

March 5th in San Francisco

I moderated an event by the Basque Cybersecurity Centre to promote leading edge cybersecurity countries in the region. 

February 4th in New Orleans

Best Practices in Utility Security at Distributech. (See the video) I spoke about Real Time Network and Asset Monitoring at this new event. Lot's to say after the S4x19 ICS Detection Challenge experience.

 

 

2015 Articles

by | May 21, 2019