2016 Articles
Attack On Ukraine Power Grid Added To S4x17 Agenda
Learn More and Register For S4x17, Jan 10-12 in Miami South Beach. We have learned in recent years to leave a slot or two for late breaking attacks on ICS or hot research in the S4 agenda. Ukraine has helped fill this spot now for the second year in a row. We know that...
Secure ICS Protocols at S4
2016 was a turning point with secure ICS protocols. For a while it was limited primarily to OPC UA and DNP3 SA, but 2016 brought us a secure version of CIP / Ethernet/IP, Secure Modbus and a couple of others that will soon be unveiled. This should be enough...
Ransomware Hitting ICS
There are two sessions at S4x17, Jan 10-12 in Miami South Beach, covering actual ransomware incidents in ICS. Marcelo Branquinho of TI Safe will go over two case studies that occurred in South America on the Main Stage, and RSA will discuss an ICS ransomware case in...
More S4 CTF Tips and Info
Register for S4x17 now! Ticket Block 151 - 200 on sale now for $1,395. First - Reid provided me with the official Killer Robots, Inc logo. Second - My thoughts on who should consider participating in the S4 ICS CTF. A person with hacking skills, but little experience...
Developing Next Generation of ICS Security Talent
We wanted to do it at S4x16, but couldn't get it done. It's going to happen at S4x17. A South Florida High School Class will go through two days of hands on automation and security training with Matthew Luallen and the CybatiWorks kit, and then 12 of the students and...
Killer Robots, Inc. at S4xCTF
OSIsoft is back again as a S4xCTF sponsor, and they are bringing back Killer Robots, Inc. with new and unsolved flags from last year. Enter Harry Paul of OSIsoft to give you some information and hints to help you get some of the PI System related flags in the S4x17...
Great Content on Sponsor Stage at S4x17
See the S4x17 Agenda and Register Now. We had a number of sponsors at S4x16 complain that few of the 300 attendees came to their talk, although a few were standing room only. So this year we were blunt: your sponsor session is competing against quality content on...
What Do You Want To Ask Justine Bone of MedSec?
Submit and Vote on Questions for Justine Bone of MedSec. I am pleased to announce that Justine Bone of MedSec agreed to an interview on the Main Stage at S4x17. Vulnerability disclosure is and has been a contentious topic in ICS. I generally don't write much about it...
How Deep Is Your ICS Deep Packet Inspection (DPI)
Check out the S4x17 Agenda At A Glance and Register Now. The industrial firewall and ICS anomaly detection markets are getting very crowded. The industrial firewall market is older, but it is still expanding both in specialized ICS firewalls and enterprise firewalls...
Serial Killers: Ethernet/Serial Gateways Exposed
One of the nastiest aspects of the attack on the Ukrainian Electric Distribution System was bricking the Moxa Ethernet-to-Serial gateways. Industry insiders have known these little devices were a security problem. Reid goes over the timeline when it was disclosed to...
Reid Wightman Starts New Company: RevICS
After two years establishing and running Digital Bond Labs, Reid and I have decided that it makes more sense to run this as a stand alone business. So I have the honor to be the first to announce and congratulate Reid on his new company: RevICS. In all candor I've...
The Ghost of S4 CTF Past
We have been preparing some new and interesting challenges for the S4 CTF this year, and I think that players will have a lot of fun with what we have in the works. We have a number of nice challenges that involve breaking and entering into our ‘Killer Robot...
S4 Video: Attacking The Plant Through WirelessHART
There are two weeks left to submit your session proposal for the S4x17 Main Stage or Stage 2: Technical Deep Dives. Take a look at the Call For Presentations and submit this month. Subscribe to The S4 Events YouTube Channel. This S4xVideo is a great example of what we...
Why Invest In Complexity (Toecker)
This guest post is by Michael Toecker of Context Industrial Security and a Digital Bond Alumnus. It first appeared on the SCADASEC list. I thought it was great, and Michael kindly allowed us to post it here. The world isn't about just the process anymore, it's not...
DNS Slides and Tools Release
Way back at S4xJapan, 2015, Labs did a small research project on DNS domain squatting. We never thought that it would amount to much in terms of press, but did think that would be a useful talk to spur vendors into action before it was too late. Already we have...
S4x17 Call For Presentations
Today through August 31st the S4x17 Call For Presentations is open. It is the place to present advanced topics in ICS and related fields to an audience that will get it. The process is real simple. Send an email with 2 or 3 paragraphs on your session idea to...
S4 Classic Video: Langner’s Stuxnet Deep Dive
Tomorrow we will be officially opening the S4x17 Call For Presentations (CFP), so I thought it would be the perfect time to highlight one of the S4 Classics to show what a S4 Technical Deep Dive looks like. Watch how Ralph goes through the code/logic in detail so...
S4x16 Video: Langner’s Critical Penetration Analysis in Nuclear Power
A great 22 minute presentation by Ralph Langner of The Langner Group at S4x16. He provides some very specific examples of a cyber / physical attack on nuclear power plants. For example, a cyber attack on all of the feedwater systems. https://youtu.be/LiNtzCibDko What...
S4xEurope Video: IRONGATE – Technical Deep Dive
We decided to put the IRONGATE video from last week's S4xEurope out first. There is no new big reveal over the information put out in the FireEye article, but Rob provides a lot of context that makes it easier to understand. He also focuses on unanswered questions and...
Why IRONGATE Is A Big ICS Security Story
We were thrilled to add a session by Rob Caldwell / FireEye to next week's S4xEurope agenda when we learned in April about the ICS malware they have named IRONGATE. This is the second biggest ICSsec story of the year to date, albeit a distant second from the Ukrainian...
S4x16 Keynote Video – General Michael Hayden
General Hayden gave the Day 1 Keynote at S4x16 and really brought it. He had strong and often controversial opinions that were well defended. He pointed out where he disagreed with President Obama, FBI Director Comey and most of Europe. Check it out below or...
S4x16 Video: Billy Rios … Infusion Pump Teardown
Billy Rios of Whitescope gives a classic S4 Technical Deep Dive on a medical device called an Infusion Pump at S4x16 in Miami South Beach. He opens them up, shows the hardware, connections between boards, attack paths, default credentials, rogue firmware upload and...
S4x16 Video: Interview with Marty Edwards, Director of ICS-CERT
I had the chance to interview Marty Edwards who leads the ICS cyber security effort at the US Department of Homeland Security (DHS). https://youtu.be/BfkR8ElsgHo The first 6 minutes introduce Marty and clarify what ICS-CERT does (it's much more than a CERT). 6:50:...
Basecamp Redux: Siemens S7-1500 PLC Gets French ANSSI Certification
We will have a series of articles coming soon on the new Siemens S7 PLC security features, and I'm pleased to announce that Oliver Narr of Siemens will join representatives from GE, Rockwell Automation and Schneider Electric on our NextGen PLC Security panel at...
Shell Added To S4xEurope Agenda
Register for S4xEurope, June 9-10 in Vienna. The latest and likely last addition to the S4xEurope agenda is a session I've wanted ever since seeing Tyler Williams from Shell present at the ARC Industry Forum in early 2015. It is a very honest session on Shell's ICS...
Push Your ICS Vendor / Integrator To Do It Right
Imagine it is that once a decade time when you are installing or performing a significant upgrade to your ICS. Your ICS vendors have spent the last five years adding security controls and developing white papers, install instructions and other tips to better protect...
Basecamp Redux: Minimizing Attack Surface & Security Logging in Modicon M580
This is the fourth in a series of articles on security features in the next generation of PLC's that will mark the end of Insecure By Design. A panel at S4xEurope will highlight Secure PLC's, and the event includes other sessions on PLC integrity and ICS secure...
Great Agenda For S4xEurope, June 9-10 in Vienna
See the full S4xEurope agenda and register here. We have been adding sessions to the S4xEurope program over the last few weeks, and it has rounded into a great event for anyone interested in advanced ICS cybersecurity information. We assume attendees know what a PLC...
Basecamp Redux: Secure ICS Protocols in Modicon M580
This is the third in a series of articles on security features in the next generation of PLC's that will mark the end of Insecure By Design. A panel at S4xEurope will highlight Secure PLC's, and the event includes other sessions on PLC integrity and ICS secure...
Basecamp Redux: Integrity in Modicon M580
This is the second in a series of articles on security features in the next generation of PLC's that will mark the end of Insecure By Design. A panel at S4xEurope will highlight Secure PLC's, and the event includes other sessions on PLC integrity and ICS secure...
Felix ‘FX’ Lindner Added To S4xEurope Lineup
We are pleased to announce that Felix 'FX' Lindner will be speaking on Friday morning at S4xEurope, June 9-10 in Vienna. FX has been a keynote and headline speaker at just about every major cyber security event around the world. I believe his work and views on trust...
Moxa Vulnerability Advisory
After trying to work with Moxa for over 8 months, Labs decided that it was time to reveal some information (and most importantly, some mitigation advice) about NPort serial converter issues. Labs published an advisory last week concerning Moxa NPort 5000 and 6000...
Project Basecamp Redux: The Death of Insecure By Design
This is the first in a series of articles on a topic of very good news for the ICS community. A panel at S4xEurope will highlight Secure PLC's, and the event includes other sessions on PLC integrity and ICS secure protocols. It's time to plan for your next ICS, or...
S4xEurope Agenda Up / Registration Open
S4 is coming to Europe, specifically the Grand Hotel Wien in Vienna, Austria, June 8-10. The first draft of the agenda is up and registration is open. Here are some highlights: Wednesday, June 8th we have three optional training courses with Alexander Bolshev, Joel...
1418 Vulnerabilities In A Medical Device – What Now?
Good guy researcher Billy Rios of Whitescope looks at the cyber security of medical devices and found some problems in a device that is no longer sold or supported. 1,418 known vulnerabilities in the Pyxis devices: https://t.co/YaVRP8X97w— Billy Rios (@XSSniper) March...
Utilities Caught In The Crossfire
Rob Lee, Mike Assante and Tim Conway released their analysis of the cyber attack on a Ukrainian power distribution system. It's good work as expected from that crew, but they state "This report does not focus on attribution of the attack." Their focus is on lessons to...
Project Basecamp Foreshadows Ukraine Bad Firmware Upload
There are so many great examples and lessons to be learned from the cyber attack that caused the Ukrainian power outage on December 23rd. Kim Zetter of Wired has one of the best articles on this if you want the public version of the full story to date. The remote...
So What Should I Bother Patching In My ICS?
My last two articles covered the negligible risk reduction of applying security patches to Insecure By Design Devices and the minimal risk reduction of applying security patches to Insecure By Design Zones. The good news is eliminating this activity gives you and your...
Patching Insecure By Design Zones
My last article made the case that there is only trivial risk reduction in applying security patches to Insecure By Design applications and devices. Now consider the actual risk reduction achieved by patching computers in Insecure By Design Zones. An Insecure By...
DNS Squatting and You
At S4xJapan, we presented a small internal research project on DNS squatting. The topic has been refreshed in my mind because of a recent Cylance report on Japanese critical infrastructure being breached by watering hole attacks (see their SPEAR team report on the...
Should I Apply Security Patches to My ICS?
This was the topic of my talk at the SANS ICS Security Summit in Orlando. Take a look at the presentation below, and I'll write a few posts to give context to the key points. http://www.slideshare.net/dgpeters/should-i-patch-my-ics Most asset owner ICS Security...
S4xEurope Call For Presentations
It's true. We finally listened to loyal readers and S4 attendees and are bringing the event to Europe. S4xEurope will be June 9-10 in Vienna, Austria at the Grand Hotel Wien. We may have some training courses on June 8th if you have any ideas. It's a very...
This Cloud (might) have a Silver Lining
There are two things that I hate in the world this morning: the term ‘IoT’, and the fact that ICS slave devices are the ones which run server software. Sometimes, two bad thoughts do make a good one. This morning is one of those times. A common...
S4x16 Is A Wrap
300 of the best and brightest in ICS Cyber Security from around the world were in Miami South Beach last week for Digital Bond's S4x16. And the social events and structure of S4x16 gave ample time and fun opportunities to establish and grow the relationships so...
S4x16 Polling Links
Trying to make this easy for people at S4x16 or lurking on the Internet. Here are the links for the input we are seeking. Thursday Flash Panel: We will select the panelists and the questions based on your nominations and votes. Link to Nominate and Vote on the...