CS2SAT

The Control System Cyber Security Self-Assessment Tool (CS2SAT) was presented at the PCSF Annual Meeting earlier this month. I had promised a review of this tool, and it takes place in two parts. The facts of the CS2SAT are in a SCADApedia entry and my comments on the...

Achilles Controller Certification

A lot to cover here so I’ll break this into parts. Part 1 – Why Protocol Stack Testing Achilles is a black box testing platform. For those new to testing, the term black box means the tester and tools have no internal knowledge of the device being tested....

PCSF – Day Two

Update: Day two details have been added. Today is Solutions Day with four tracks. Nate Kube and I are presenting the Achilles Controller Certification from 10 – noon. LOGIIC First up for me is the Project LOGIIC presentation. I am lying in wait for Q & A...

PCSF – Day One

We are off and running . . . I’d estimate about 150 attendees (officially 200 registrants) and a quick poll showed about 75% are first time PCSF attendees. Nice to see so many fresh faces and asset owners. This PCSF event is taking a different approach in focusing on...

Achilles Controller Certification

Digital Bond is a small, I like to say boutique, SCADA security research and consulting practice. We try to focus on projects that will have a significant and near term positive impact on the SCADA security community. I believe we have a pretty good track record with...

You Can’t Tell The Players Without A Scorecard

There has been a fair amount of movement in some of the big names in SCADA security over the last year. To summarize: The latest is Joe Weiss leaving Kema and joining Applied Control Solutions, LLC. A friend pointed this out on the PCSF agenda. I call Joe the Paul...

February Monthly Check: Perimeter Security Review

No Enterprise Network / Control System Firewall Hopefully, you have implemented a firewall capability at the enterprise network / control system perimeter. Consultants use words like best practice, good practice, and recommended practice. There is another term...

Microsoft Says No Special Manufacturing OS

Last week the Microsoft Manufacturing User Group (MsMUG) held a three day event with about 150 people in attendance. I was unable to attend because of S4, but I did get some highlights from Jim Bauhs of Cargill. There was a rumor in the community that Microsoft might...

S4 – Day Two in Review

The day kicked off with two complementary OPC Exposed Presentations. Session 7 – OPC Exposed, Part I by Lluis Mora of Neutralbit Lluis’s paper looked at OPC server implementation vulnerabilities. He detailed some of the 24 test cases he ran against 75...

S4 – Day One in Review

The blog has been very quiet because we have been fully occupied with Digital Bond’s SCADA Security Scientific Symposium (S4). Liveblogging didn’t work well because I was communicating with the Virtual Attendees, handling Q&A, and sitting right next to...