2016 Articles

Attack On Ukraine Power Grid Added To S4x17 Agenda

Attack On Ukraine Power Grid Added To S4x17 Agenda

Learn More and Register For S4x17, Jan 10-12 in Miami South Beach We have learned in recent years to leave a slot or two for late breaking attacks on ICS or hot research in the S4 agenda. Ukraine has helped fill this spot now for the second year in a row. We know that...

read more
Secure ICS Protocols at S4

Secure ICS Protocols at S4

2016 was a turning point with secure ICS protocols. For a while it was limited primarily to OPC UA and DNP3 SA, but 2016 brought us a secure version of CIP / Ethernet/IP, Secure Modbus and a couple of others that will soon be unveiled. This should be enough...

read more
Ransomware Hitting ICS

Ransomware Hitting ICS

There are two sessions at S4x17, Jan 10-12 in Miami South Beach, covering actual ransomware incidents in ICS. Marcelo Branquinho of TI Safe will go over two case studies that occurred in South America on the Main Stage, and RSA will discuss an ICS ransomware case in...

read more
More S4 CTF Tips and Info

More S4 CTF Tips and Info

Register for S4x17 now! Ticket Block 151 - 200 on sale now for $1,395. First - Reid provided me with the official Killer Robots, Inc logo. Second - My thoughts on who should consider participating in the S4 ICS CTF. A person with hacking skills, but little experience...

read more
Developing Next Generation of ICS Security Talent

Developing Next Generation of ICS Security Talent

We wanted to do it at S4x16, but couldn't get it done. It's going to happen at S4x17. A South Florida High School Class will go through two days of hands on automation and security training with Matthew Luallen and the CybatiWorks kit, and then 12 of the students and...

read more
Killer Robots, Inc. at S4xCTF

Killer Robots, Inc. at S4xCTF

OSIsoft is back again as a S4xCTF sponsor, and they are bringing back Killer Robots, Inc. with new and unsolved flags from last year. Enter Harry Paul of OSIsoft to give you some information and hints to help you get some of the PI System related flags in the S4x17...

read more

Great Content on Sponsor Stage at S4x17

See the S4x17 Agenda and Register Now We had a number of sponsors at S4x16 complain that few of the 300 attendees came to their talk, although a few were standing room only. So this year we were blunt, your sponsor session is competing against quality content on...

read more
What Do You Want To Ask Justine Bone of MedSec?

What Do You Want To Ask Justine Bone of MedSec?

Submit and Vote on Questions for Justine Bone of MedSec I am pleased to announce that Justine Bone of MedSec agreed to an interview on the Main Stage at S4x17. Vulnerability disclosure is and has been a contentious topic in ICS. I generally don't write much about it...

read more
How Deep Is Your ICS Deep Packet Inspection (DPI)

How Deep Is Your ICS Deep Packet Inspection (DPI)

Check out the S4x17 Agenda At A Glance and Register Now The industrial firewall and ICS anomaly detection markets are getting very crowded. The industrial firewall market is older, but it is still expanding both in specialized ICS firewalls and enterprise firewalls...

read more
Serial Killers: Ethernet/Serial Gateways Exposed

Serial Killers: Ethernet/Serial Gateways Exposed

One of the nastiest aspects of the attack on the Ukrainian Electric Distribution System was bricking the Moxa Ethernet-to-Serial gateways. Industry insiders have known these little devices were a security problem. Reid goes over the timeline when it was disclosed to...

read more

Reid Wightman Starts New Company: RevICS

After two years establishing and running Digital Bond Labs, Reid and I have decided that it makes more sense to run this as a stand alone business. So I have the honor to be the first to announce and congratulate Reid on his new company: RevICS. In all candor I've...

read more
The Ghost of S4 CTF Past

The Ghost of S4 CTF Past

We have been preparing some new and interesting challenges for the S4 CTF this year, and I think that players will have a lot of fun with what we have in the works.  We have a number of nice challenges that involve breaking and entering into our ‘Killer Robot...

read more

S4 Video: Attacking The Plant Through WirelessHART

There are two weeks left to submit your session proposal for the S4x17 Main Stage or Stage 2: Technical Deep Dives. Take a look at the Call For Presentations and submit this month. Subscribe to The S4 Events YouTube Channel This S4xVideo is a great example of what we...

read more
Why Invest In Complexity (Toecker)

Why Invest In Complexity (Toecker)

This guest post is by Michael Toecker of Context Industrial Security and a Digital Bond Alumnus. It first appeared on the SCADASEC list. I thought it was great, and Michael kindly allowed us to post it here. The world isn't about just the process anymore, it's not...

read more
DNS Slides and Tools Release

DNS Slides and Tools Release

Way back at S4xJapan, 2015, Labs did a small research project on DNS domain squatting.  We never thought that it would amount to much in terms of press, but did think that would be a useful talk to spur vendors into action before it was too late. Already we have...

read more
S4x17 Call For Presentations

S4x17 Call For Presentations

Today through August 31st the S4x17 Call For Presentations is open. It is the place to present advanced topics in ICS and related fields to an audience will get it. The process is real simple. Send an email with 2 or 3 paragraphs on your session idea to...

read more

S4 Classic Video: Langner’s Stuxnet Deep Dive

Tomorrow we will be officially opening the S4x17 Call For Presentations (CFP), so I thought it would be the perfect time to highlight one of the S4 Classics to show what a S4 Technical Deep Dive looks like. Watch how Ralph goes through the code/logic in detail so...

read more

S4xEurope Video: IRONGATE – Technical Deep Dive

We decided to put the IRONGATE video from last week's S4xEurope out first. There is no new big reveal over the information put out in the FireEye article, but Rob provides a lot of context that makes it easier to understand. He also focuses on unanswered questions and...

read more

Why IRONGATE Is A Big ICS Security Story

We were thrilled to add a session by Rob Caldwell / FireEye to next week's S4xEurope agenda when we learned in April about the ICS malware they have named IRONGATE. This is the second biggest ICSsec story of the year to date, albeit a distant second from the Ukrainian...

read more

S4x16 Keynote Video – General Michael Hayden

General Hayden gave the Day 1 Keynote at S4x16 and really brought it. He had strong and often controversial opinions that were well defended. He pointed out where he disagreed with President Obama, FBI Director Comey and most of Europe. Check it out below or...

read more
S4x16 Video: Billy Rios … Infusion Pump Teardown

S4x16 Video: Billy Rios … Infusion Pump Teardown

Billy Rios of Whitescope gives a classic S4 Technical Deep Dive on a medical device called an Infusion Pump at S4x16 in Miami South Beach. He opens them up, shows the hardware, connections between boards, attack paths, default credentials, rogue firmware upload and...

read more
Shell Added To S4xEurope Agenda

Shell Added To S4xEurope Agenda

Register for S4xEurope, June 9-10 in Vienna The latest and likely last addition to the S4xEurope agenda is a session I've wanted ever since seeing Tyler Williams from Shell present at the ARC Industry Forum in early 2015. It is a very honest session on Shell's ICS...

read more
Push Your ICS Vendor / Integrator To Do It Right

Push Your ICS Vendor / Integrator To Do It Right

Imagine it is that once a decade time when you are installing or performing a significant upgrade to your ICS. Your ICS vendors have spent the last five years adding security controls and developing white papers, install instructions and other tips to better protect...

read more
Great Agenda For S4xEurope, June 9-10 in Vienna

Great Agenda For S4xEurope, June 9-10 in Vienna

See the full S4xEurope agenda and register here We have been adding sessions to the S4xEurope program over the last few weeks, and it has rounded into a great event for anyone interested in advanced ICS cybersecurity information. We assume attendees know what a PLC...

read more
Basecamp Redux: Secure ICS Protocols in Modicon M580

Basecamp Redux: Secure ICS Protocols in Modicon M580

This is the third in a series of articles on security features in the next generation of PLC's that will mark the end of Insecure By Design. A panel at S4xEurope will highlight Secure PLC's, and the event includes other sessions on PLC integrity and ICS secure...

read more
Basecamp Redux: Integrity in Modicon M580

Basecamp Redux: Integrity in Modicon M580

This is the second in a series of articles on security features in the next generation of PLC's that will mark the end of Insecure By Design. A panel at S4xEurope will highlight Secure PLC's, and the event includes other sessions on PLC integrity and ICS secure...

read more
Felix ‘FX’ Lindner Added To S4xEurope Lineup

Felix ‘FX’ Lindner Added To S4xEurope Lineup

We are pleased to announce that Felix 'FX' Lindner will be speaking on Friday morning at S4xEurope, June 9-10 in Vienna. FX has been a keynote and headline speaker at just about every major cyber security event around the world. I believe his work and views on trust...

read more
Moxa Vulnerability Advisory

Moxa Vulnerability Advisory

After trying to work with Moxa for over 8 months, Labs decided that it was time to reveal some information (and most importantly, some mitigation advice) about NPort serial converter issues. Labs published an advisory last week concerning Moxa NPort 5000 and 6000...

read more
Project Basecamp Redux: The Death of Insecure By Design

Project Basecamp Redux: The Death of Insecure By Design

This is the first in a series of articles on a topic of very good news for the ICS community. A panel at S4xEurope will highlight Secure PLC's, and the event includes other sessions on PLC integrity and ICS secure protocols. It's time to plan for your next ICS, or...

read more
S4xEurope Agenda Up / Registration Open

S4xEurope Agenda Up / Registration Open

S4 is coming to Europe, specifically the Grand Hotel Wien in Vienna, Austria June 8-10. The first draft of the agenda is up and registration is open. Here are some highlights: Wednesday, June 8th we have three optional training courses with Alexander Bolshev, Joel...

read more
1418 Vulnerabilities In A Medical Device – What Now?

1418 Vulnerabilities In A Medical Device – What Now?

Good guy researcher Billy Rios of Whitescope looks at the cyber security of medical devices and found some problems in a device that is no longer sold or supported. 1,418 known vulnerabilities in the Pyxis devices: https://t.co/YaVRP8X97w— Billy Rios (@XSSniper) March...

read more

Utilities Caught In The Crossfire

Rob Lee, Mike Assante and Tim Conway released their analysis of the cyber attack on a Ukrainian power distribution system. It's good work as expected from that crew, but they state "This report does not focus on attribution of the attack." Their focus is on lessons to...

read more
Project Basecamp Foreshadows Ukraine Bad Firmware Upload

Project Basecamp Foreshadows Ukraine Bad Firmware Upload

There are so many great examples and lessons to be learned from the cyber attack that caused the Ukrainian power outage on December 23rd. Kim Zetter of Wired has one of the best articles on this if you want the public version of the full story to date. The remote...

read more
So What Should I Bother Patching In My ICS?

So What Should I Bother Patching In My ICS?

My last two articles covered the negligible risk reduction of applying security patches to Insecure By Design Devices and the minimal risk reduction of applying security patches to Insecure By Design Zones. The good news is eliminating this activity gives you and your...

read more
Patching Insecure By Design Zones

Patching Insecure By Design Zones

My last article made the case that there is only trivial risk reduction in applying security patches to Insecure By Design applications and devices. Now consider the actual risk reduction achieved by patching computers in Insecure By Design Zones. An Insecure By...

read more
DNS Squatting and You

DNS Squatting and You

At S4xJapan, we presented a small internal research project on DNS squatting. The topic has been refreshed in my mind because of a recent Cylance report on Japanese critical infrastructure being breached by watering hole attacks (see their SPEAR team report on the...

read more
Should I Apply Security Patches to My ICS?

Should I Apply Security Patches to My ICS?

This was the topic of my talk at the SANS ICS Security Summit in Orlando. Take a look at the presentation below, and I'll write a few posts to give context to the key points. http://www.slideshare.net/dgpeters/should-i-patch-my-ics Most asset owner ICS Security...

read more
S4xEurope Call For Presentations

S4xEurope Call For Presentations

It's true. We finally listened to loyal readers and S4 attendees and are bringing the event to Europe. S4xEurope will be June 9-10 in Vienna Austria at the Grand Hotel Wien. We may have some training courses on June 8th if you have any ideas. It's a very...

read more

This Cloud (might) have a Silver Lining

There are two things that I hate in the world this morning: the term ‘IoT’, and the fact that ICS slave devices are the ones which run server software.  Sometimes, two bad thoughts do make a good one.  This morning is one of those times. A common...

read more
S4x16 Is A Wrap

S4x16 Is A Wrap

300 of the best and brightest in ICS Cyber Security from around the world were in Miami South Beach last week for Digital Bond's S4x16. And the social events and structure of S4x16 gave ample time and fun opportunities to establish and grow the relationships so...

read more

S4x16 Polling Links

Trying to make this easy for people at S4x16 or lurking on the Internet. Here are the links for the input we are seeking. Thursday Flash Panel We will select the panelists and the questions based on your nominations and votes. Link to Nominate and Vote on the...

read more

UPCOMING EVENTS

Sept 19-20 in Sochi, Russia

I'll give a keynote at the Kaspersky Industrial Cybersecurity Conference 2019. I spoke at this event in 2017, and Kaspersky is always a tremendous host. Hopefully some of my Russian followers will be there.

S4x20 ... Jan 21 - 23 in Miami South Beach

Make sure you mark your calendar for the largest and most advanced OT / ICS Security event. And you can catch up on past S4 on the S4xEvents YouTube Channel.

2019 PAST EVENTS

April 11th in Cebu

A private event where I'll discuss the future of attacks on and defense of Level 1 devices (PLC's). A lot changed in 2018, and this is just a hint as to what is coming.

March 5th in San Francisco

I moderated an event by the Basque Cybersecurity Centre to promote leading edge cybersecurity countries in the region. 

February 4th in New Orleans

Best Practices in Utility Security at Distributech. (See the video) I spoke about Real Time Network and Asset Monitoring at this new event. Lot's to say after the S4x19 ICS Detection Challenge experience.

 

 

2016 Articles

by | May 12, 2019