The Big Remaining Stuxnet Question
As we get ready to hear if President Trump will pull the US out of the Iran Nuclear Deal, it’s worth revisiting the big remaining question and underreported story on Stuxnet: Why Did The US Government Not Care If Or Want Iran To Discover Stuxnet? Full credit for...Press Coverage of ICS Security
This was a fun panel discussion on the S4x18 Main Stage with Kelly Jackson Higgins of Dark Reading and Jim Finkle of Reuters. http://traffic.libsyn.com/unsolicitedresponse/PressPanel.mp3 We covered a lot of grounds in a frank discussion including: Who is your reader?...PODCAST: IATROGENICS – HARM DONE BY THE HEALER
Nassim Taleb discusses the concept of Iatrogenics in his book Antifragile. It is commonly applied to medicine, but Taleb applies it to the financial market and proposes it could be applied to other areas. We had a panel at S4x18 that dug into the issue of how to determine when security controls are doing more harm than good.
I was joined on stage by Jake Brodsky and Joel Langill. Jake is famously conservative when it comes to applying security controls, and Joel is a big proponent of some security controls that Jake would pass on. And all three of us are highly opinionated, so it made for an interesting discussion.
S4x18 Debate: Enterprise SOC or OT SOC?
This was a great debate from S4x18. Many owner / operators have an Enterprise Secure Operations Center (SOC), and they are considering how best to handle OT incident detection and response. There are two main approaches: 1. Add OT data and incident response capabilities to an Enterprise SOC or 2. Set up and run a SOC dedicated to the OT environment.
PODCAST: ICS DETECTION CHALLENGE INTERVIEWS
Dale Peterson interviews the ICS Detection Challenge Winner – Claroty and the runners up – Nozomi and Security Matters. They discuss where the competitors did well, how the products are likely to improve in the future, and what the future direction of the ICS product detection category is likely to be.
PODCAST: ICS DETECTION CHALLENGE ANALYSIS
The ICS Detection Challenge at S4x18 last January pitted Claroty, Gravwell, Nozomi and Security Matters in a competition to determine who could create the most complete asset inventory and who could do the best job detecting attacks through passive ICS network monitoring only. Dale Peterson and Eric Byres discuss the packets used in the test and analyze the results. What this product category can and cannot do. The last 15 minutes talking about the future of the ICS Detection product category.
MEDICAL CYBERSECURITY & DENSE VULNERABILITIES
After quickly agreeing that vulnerabilities in medical devices & software are dense, Dale Peterson and Josh Corman discuss where time and money should be spent on improving Medical Sector cybersecurity. Does the find and patch vulns make sense when the vulns are dense? Why does a hospital shut down for a week when a single application has an exploited vuln? How is the FDA doing in forcing change? What can we expect in the future. This and more in this episode.
ICS DETECTION CHALLENGE RESULTS – PART 2
The Asset Identification and Inventory results from the Challenge showed the potential of these solutions, but also the limitations due to maturity and a passive only approach. Claroty won the Asset Identification phase by identifying the largest number of assets (device type and vendor) with a score of 23, followed by Nozomi and Security Matters with a score of 20. Nozomi clearly provided the most detail in their asset inventory and was the only competitor to identify the key SCADA system. Security Matters did the best in identifying CVE’s for the asset inventory.
ICS DETECTION CHALLENGE RESULTS – PART 1
The Detection Phase of the ICS Challenge was won narrowly by Claroty (24) over Nozomi Networks (22) and Security Matters (22). Congratulations to the Claroty product and team. The final score was not as interesting as what was detected, what was missed, and conclusions about this product class. This post has five conclusions Dale pulled from the scoresheets and interviews, notes on the scoring methodology and deficiencies, and a chart showing the 19 incidents inserted into the packet capture.