Learn More and Register For S4x17, Jan 10-12 in Miami South Beach We have learned in recent years to leave a slot or two for late breaking attacks on ICS or hot research in the S4 agenda. Ukraine has helped fill this spot now for the second year in a row. We know that...

2016 was a turning point with secure ICS protocols. For a while it was limited primarily to OPC UA and DNP3 SA, but 2016 brought us a secure version of CIP / Ethernet/IP, Secure Modbus and a couple of others that will soon be unveiled. This should be enough...

There are two sessions at S4x17, Jan 10-12 in Miami South Beach, covering actual ransomware incidents in ICS. Marcelo Branquinho of TI Safe will go over two case studies that occurred in South America on the Main Stage, and RSA will discuss an ICS ransomware case in...

We wanted to do it at S4x16, but couldn't get it done. It's going to happen at S4x17. A South Florida High School Class will go through two days of hands on automation and security training with Matthew Luallen and the CybatiWorks kit, and then 12 of the students and...

OSIsoft is back again as a S4xCTF sponsor, and they are bringing back Killer Robots, Inc. with new and unsolved flags from last year. Enter Harry Paul of OSIsoft to give you some information and hints to help you get some of the PI System related flags in the S4x17...

See the S4x17 Agenda and Register Now We had a number of sponsors at S4x16 complain that few of the 300 attendees came to their talk, although a few were standing room only. So this year we were blunt, your sponsor session is competing against quality content on...

Submit and Vote on Questions for Justine Bone of MedSec I am pleased to announce that Justine Bone of MedSec agreed to an interview on the Main Stage at S4x17. Vulnerability disclosure is and has been a contentious topic in ICS. I generally don't write much about it...

Check out the S4x17 Agenda At A Glance and Register Now The industrial firewall and ICS anomaly detection markets are getting very crowded. The industrial firewall market is older, but it is still expanding both in specialized ICS firewalls and enterprise firewalls...

After two years establishing and running Digital Bond Labs, Reid and I have decided that it makes more sense to run this as a stand alone business. So I have the honor to be the first to announce and congratulate Reid on his new company: RevICS. In all candor I've...

There are two weeks left to submit your session proposal for the S4x17 Main Stage or Stage 2: Technical Deep Dives. Take a look at the Call For Presentations and submit this month. Subscribe to The S4 Events YouTube Channel This S4xVideo is a great example of what we...

This guest post is by Michael Toecker of Context Industrial Security and a Digital Bond Alumnus. It first appeared on the SCADASEC list. I thought it was great, and Michael kindly allowed us to post it here. The world isn't about just the process anymore, it's not...

Way back at S4xJapan, 2015, Labs did a small research project on DNS domain squatting.  We never thought that it would amount to much in terms of press, but did think that would be a useful talk to spur vendors into action before it was too late. Already we have...

Tomorrow we will be officially opening the S4x17 Call For Presentations (CFP), so I thought it would be the perfect time to highlight one of the S4 Classics to show what a S4 Technical Deep Dive looks like. Watch how Ralph goes through the code/logic in detail so...

A great 22 minute presentation by Ralph Langner of The Langner Group at S4x16. He provides some very specific examples of a cyber / physical attack on nuclear power plants. For example, a cyber attack on all of the feedwater systems. https://youtu.be/LiNtzCibDko What...

We decided to put the IRONGATE video from last week's S4xEurope out first. There is no new big reveal over the information put out in the FireEye article, but Rob provides a lot of context that makes it easier to understand. He also focuses on unanswered questions and...

We were thrilled to add a session by Rob Caldwell / FireEye to next week's S4xEurope agenda when we learned in April about the ICS malware they have named IRONGATE. This is the second biggest ICSsec story of the year to date, albeit a distant second from the Ukrainian...

General Hayden gave the Day 1 Keynote at S4x16 and really brought it. He had strong and often controversial opinions that were well defended. He pointed out where he disagreed with President Obama, FBI Director Comey and most of Europe. Check it out below or...

Billy Rios of Whitescope gives a classic S4 Technical Deep Dive on a medical device called an Infusion Pump at S4x16 in Miami South Beach. He opens them up, shows the hardware, connections between boards, attack paths, default credentials, rogue firmware upload and...

I had the chance to interview Marty Edwards who leads the ICS cyber security effort at the US Department of Homeland Security (DHS). https://youtu.be/BfkR8ElsgHo The first 6 minutes introduce Marty and clarify what ICS-CERT does (it's much more than a CERT). 6:50:...

We will have a series of articles coming soon on the new Siemens S7 PLC security features, and I'm pleased to announce that Oliver Narr of Siemens will join representatives from GE, Rockwell Automation and Schneider Electric on our NextGen PLC Security panel at...

Register for S4xEurope, June 9-10 in Vienna The latest and likely last addition to the S4xEurope agenda is a session I've wanted ever since seeing Tyler Williams from Shell present at the ARC Industry Forum in early 2015. It is a very honest session on Shell's ICS...

Imagine it is that once a decade time when you are installing or performing a significant upgrade to your ICS. Your ICS vendors have spent the last five years adding security controls and developing white papers, install instructions and other tips to better protect...

This is the fourth in a series of articles on security features in the next generation of PLC's that will mark the end of Insecure By Design. A panel at S4xEurope will highlight Secure PLC's, and the event includes other sessions on PLC integrity and ICS secure...

This is the third in a series of articles on security features in the next generation of PLC's that will mark the end of Insecure By Design. A panel at S4xEurope will highlight Secure PLC's, and the event includes other sessions on PLC integrity and ICS secure...

This is the second in a series of articles on security features in the next generation of PLC's that will mark the end of Insecure By Design. A panel at S4xEurope will highlight Secure PLC's, and the event includes other sessions on PLC integrity and ICS secure...

This is the first in a series of articles on a topic of very good news for the ICS community. A panel at S4xEurope will highlight Secure PLC's, and the event includes other sessions on PLC integrity and ICS secure protocols. It's time to plan for your next ICS, or...

Good guy researcher Billy Rios of Whitescope looks at the cyber security of medical devices and found some problems in a device that is no longer sold or supported. 1,418 known vulnerabilities in the Pyxis devices: https://t.co/YaVRP8X97w— Billy Rios (@XSSniper) March...

Rob Lee, Mike Assante and Tim Conway released their analysis of the cyber attack on a Ukrainian power distribution system. It's good work as expected from that crew, but they state "This report does not focus on attribution of the attack." Their focus is on lessons to...

My last two articles covered the negligible risk reduction of applying security patches to Insecure By Design Devices and the minimal risk reduction of applying security patches to Insecure By Design Zones. The good news is eliminating this activity gives you and your...

My last article made the case that there is only trivial risk reduction in applying security patches to Insecure By Design applications and devices. Now consider the actual risk reduction achieved by patching computers in Insecure By Design Zones. An Insecure By...

At S4xJapan, we presented a small internal research project on DNS squatting. The topic has been refreshed in my mind because of a recent Cylance report on Japanese critical infrastructure being breached by watering hole attacks (see their SPEAR team report on the...

This was the topic of my talk at the SANS ICS Security Summit in Orlando. Take a look at the presentation below, and I'll write a few posts to give context to the key points. http://www.slideshare.net/dgpeters/should-i-patch-my-ics Most asset owner ICS Security...

There are two things that I hate in the world this morning: the term ‘IoT’, and the fact that ICS slave devices are the ones which run server software.  Sometimes, two bad thoughts do make a good one.  This morning is one of those times. A common...

Trying to make this easy for people at S4x16 or lurking on the Internet. Here are the links for the input we are seeking. Thursday Flash Panel We will select the panelists and the questions based on your nominations and votes. Link to Nominate and Vote on the...