Longtime and loyal blog readers know that Digital Bond and I personally were early supporters of the Achilles test platform and protocol stack certification. In fact, our vocal support even resulted in a contract to help create the Achilles Level 1 Certification...
We have another control system incident in the news that will surely fill up slide decks for the next decade. News became public yesterday of the arrest of a security guard involved in a compromise of the HVAC system, and likely the rest of the hospital network, at...
We are pleased to announce the beta release of some Quickdraw software components today. Quickdraw is a Digital Bond research project funded by the US Department of Homeland Security (DHS). This beta release is the first three SCADA IDS preprocessors that were the...
We have been blogging about the benefits of virtualization in control systems. Asset owners have been reluctant to embrace virtualization until it was blessed by the vendor, and this is understandable. A few vendors have been working on virtualization support, and the...
The NERC CIP cyber security work in the electric sector has been fast and furious as deadlines approach, as have the comments on the value, or lack thereof, of this effort. I am very confident in the following two conclusions based on working with many of the asset...
Oftentimes those involved in operating critical infrastructure are given a false sense of security when looking over the daily stream of vulnerability disclosures and patch information, as these feeds/lists seem to seldom contain anything specific about their...
Recently, two members of the European Commission, Viviane Reding and Meglena Kuneva, proposed that the European Union’s (EU) consumer protection rules for physical products be extended to software. This expansion of the consumer protection rules to include...
This is a little deviation from our usual critical systems, but considering it is a tool that heavily influences whether a guilty person goes free or an innocent one goes to jail, it seems critical to me. In the State v. Chun case the defendant argued for analysis of...
George Will wrote an interesting column on the folly of government pursuing rules and executive actions to achieve impossible goals. Here is the key paragraph in the typical Will style: Gulliver’s travels took him to the Academy of Lagado, where “professors...
Yes, you read the title correctly. There is a new and improved security driven version of Windows being distributed. The National Institute for Standards and Technology, the Defense Information Systems Agency and the Center for Internet Security consulted on this...