Optimal Security Configuration

Some observations after going through the tedious process of creating and modifying Windows service policy checks for an upcoming Bandolier release… 1.) The value of the OS-level audit files is different than I first thought. I blogged about this last year after...

Portaledge: Detecting Cyber Attacks

Portaledge is Digital Bond’s control system security research project funded by the US Department of Energy. We recently issued the first release and are nearing the second, so this is a good time to discuss, with practical examples, what Portaledge is, how it...

Quickdraw Update: Preprocessors and Detection Plugins

It’s been a little while since we’ve had a Quickdraw update, and I wanted to fill everyone in on how we’re doing and the approach we’re using. As we’ve described before, we’re basing the project on the Snort 2.8.x tree, and we could do...

Malware, Viruses, and Attackers hopping networks

Many of us in the Control System community feel pretty secure in the belief that our critical networks are not directly connected to the internet, and as such are insulated from attack. Apparently (and as oft has been stated) this is not sufficient protection, if the...

Thoughts on DHS ICSJWG

Two weeks ago I was fortunate, along with about one hundred others, to be invited to an initial planning meeting of DHS’s Industrial Control System Joint Working Group [ICSJWG]. Here are some thoughts after a few weeks to ponder what happened there. ICSJWG is...

Assante Throws Down the Gauntlet on CIP-002

NERC entities declaring no critical assets may want to take another look at their risk based assessment methodologies. Michael Assante, NERC CSO, issued a letter to industry today that challenges self certification survey results that show only 31 percent of all...

Conficker beFUDdlement

I’ll start off by saying don’t believe all the FUD that’s been going around; we all know how many members of the media are when they get hold of a story, especially one that can have a date in the future to speculate on. That said, there are definitely...

Applying Ockham’s Razor to Control Security

An IM discussion with Jason Holcomb in regards to his recent post set my mind in motion. English philosopher/logician William Ockham postulated in the 14th century (quoting Wikipedia) “When multiple competing hypotheses are equal in other respects, the...

No More Free Bugs?

The disclosure debate is raging once again and it’s even seeing some discussion on the SCADA mailing lists. This was stirred up by the No More Free Bugs “campaign” announced at CanSecWest by Miller, Sotirov, and Dai Zovi. Accomplished guys and names that...

Does More Technology = Inherently More Secure?

How Vulnerable is U.S. Infrastructure to a Major Cyber Attack?”. I wanted to point this one out for a couple of reasons. First, it’s a decent high level treatment of the topic. Even though it starts out with the doomsday scenario, alternate viewpoints are...