Automating Security Perimeter Monitoring/CIP-5

We are back on the Portaledge project, and if our loyal readers remember this year’s tasks are to develop the capability for the PI Server to perform the automated security monitoring for CIP-5 and CIP-7. These modules, as will a NERC CIP approach, will work for...

SCADA Enhancements for Snort

In mid-December we completed the Quickdraw project which creates security events for legacy PLCs that lack a security event logging capability. In the following weeks I will write a blog series on Quickdraw, but a lot of this work involves adding SCADA...

Characterizing Disclosed ICS Vulns

The activity of disclosed ICS vulnerabilities has increased gradually over the years and significantly since Stuxnet. A quick look at the last five products with published vulns on ICS-CERT leads to two easy conclusions: The security community is locating free trial...

The New Year

Happy New Year to all our loyal blog readers with special thanks to those that contributed through the comments last year. I enter the year with a strong feeling of optimism for the control system community. There is not an irrefutable, or even compelling, set of...

Stuxnet Hints to the Future of Next Gen Vuln Platform?

The initial focus of Stuxnet was the Windows 0days and impact on the PCs. Slowly people started to focus on the impact to the PLCs and process. But I hadn’t heard much about Stuxnet as a new vulnerability exploit platform approach until the...

Why Security Talent Capitalization Rate is Low

In my last post I introduced Malcolm Gladwell’s Capitalization of Talent concept and concluded that the capitalization rate of SCADA security talent in the control system community is low. Here are some reasons why in no particular order: Security 101 is...

Capitalization of SCADA Security Talent

Almost everyone in the community, even the optimists like myself who have seen impressive progress by some vendors and owner/operators, bemoans the pace of improved security postures across the control system community. And we try to figure out why this is and how to...

Tiered Patching Infrastructure

There’s a great write-up on building and maintaining a Windows tiered patching infrastructure over at Ars Technica today. It sets up like this: Windows updates have historically been a constant annoyance for IT staff. Manual updates were a huge pain, and, while...

What authentication isn’t

To a lot of you, this post isn’t going to tell you anything you don’t already know, but for others I think it needs to be said again. MAC and IP addresses are easily changeable and are useless for authentication. Far too often when we’re on...
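The point above can be shown in a few lines. This is an added example, not code from the original post or from Digital Bond: a toy "authenticator" that trusts the source MAC and IP, next to one that checks an HMAC over the payload under a pre-shared key. The addresses, the key, and the two constructed messages are all invented for the demonstration; no traffic is sent.

```python
"""Source addresses are not authenticators (added example, constructed data).

An attacker who can reach the network segment can set any source MAC and IP
(on Linux, `ip link set dev eth0 address <mac>` changes the MAC outright), so a
check on those headers is satisfied by a forged message exactly as it is by a
legitimate one. A keyed message authentication code over the payload is not,
because the forger does not hold the key.
"""
import hashlib
import hmac

# Hypothetical allowlisted HMI address and pre-shared key (constructed values).
ALLOWED_MAC = "00:1a:2b:3c:4d:5e"
ALLOWED_IP = "192.168.10.20"
SHARED_KEY = b"constructed-demo-key"


def address_based_auth(msg: dict) -> bool:
    """The pattern the post warns about: trust anything from the expected addresses."""
    return msg["src_mac"] == ALLOWED_MAC and msg["src_ip"] == ALLOWED_IP


def sign(payload: bytes, key: bytes = SHARED_KEY) -> str:
    """HMAC-SHA256 tag over the payload; the sender needs the key to produce it."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def keyed_auth(msg: dict, key: bytes = SHARED_KEY) -> bool:
    """Accept only if the tag verifies under the shared key (constant-time compare)."""
    expected = sign(msg["payload"], key)
    return hmac.compare_digest(expected, msg.get("tag", ""))


def legit_message(payload: bytes) -> dict:
    """Message from the real HMI: correct headers and a tag made with the real key."""
    return {"src_mac": ALLOWED_MAC, "src_ip": ALLOWED_IP,
            "payload": payload, "tag": sign(payload)}


def spoofed_message(payload: bytes) -> dict:
    """Attacker copies the allowlisted headers but can only tag with a guessed key."""
    return {"src_mac": ALLOWED_MAC, "src_ip": ALLOWED_IP,
            "payload": payload, "tag": sign(payload, b"wrong-key")}


def evaluate() -> dict:
    """Run both checks against a legitimate and a spoofed command (constructed payloads)."""
    legit = legit_message(b"WRITE_COIL 17 ON")
    spoof = spoofed_message(b"WRITE_COIL 17 OFF")
    return {
        "address_check_accepts_legit": address_based_auth(legit),
        "address_check_accepts_spoof": address_based_auth(spoof),
        "keyed_check_accepts_legit": keyed_auth(legit),
        "keyed_check_accepts_spoof": keyed_auth(spoof),
    }


if __name__ == "__main__":
    for name, accepted in evaluate().items():
        print(f"{name}: {accepted}")
```

The address check accepts both messages because the attacker controls every header field it looks at; the keyed check accepts only the message whose tag was produced with the real key. The same holds for a firewall rule or an ACL keyed on IP alone: it limits which hosts are supposed to talk, it does not prove who is talking.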

Quickdraw Retrospective

Having completed my part of the Quickdraw project, my time at Digital Bond is winding to a halt. But I thought I’d just post a retrospective on some of the things I learned on the Quickdraw project. Because this post is a bit on the long side I have decided to...