Save the date: S4x16 is January 12-16 S4x16 is moving to the Fillmore Miami Beach at Jackie Gleason Theater in the heart of South Beach. It’s literally 3 blocks from the beach, 1 block from Lincoln Road and right in the middle of all the SoBe...
I thought I’d take a step back after releasing tools and presenting on CAN to do a quick intro into what communications are going on inside a vehicle anyway. What is CANBus? What is OBDII? Is there a difference? We’re going to skip all the electrical fun parts, the...
Belden buys Tofino, GE buys Wurldtech, Lockheed Martin buys Industrial Defender and now iSight Partners acquires Critical Intelligence. The trend continues of larger organizations buying ICS security expertise. Bob Huber and Sean McBride left Idaho National Labs...
At S4x14 Adam Crain of Automatak, along with Chris Sistrunk, presented the results of their Project Robus that fuzzed DNP3 stacks and found most had problems with processing malformed or illegal responses. This year at S4x15 Adam talked about Avoiding Insecurity...
Part 1 covered the need to pull and publish more useful information from the gathered ICS incident and vulnerability data. Part 2 covers “Are the numbers intentionally misleading? 245 Incidents Reported To ICS-CERT in 2014 Means What? The big statistic picked up...
“There are three kinds of lies: lies, damned lies, and statistics.” Mark Twain (purportedly quoting Benjamin Disraeli) The latest edition of the ICS Monitor, last week’s USA Today articles and the reemergence of Joe Weiss’s secret database...
Andrew Ginter of Waterfall Security Solutions speaks on Embedding Malware in ICS Protocols. His conclusion is this is harder than one thinks. The easier solution might be to use the SQL server, web server, ftp server, or other commonly exploited protocols that...
Eireann Leverett of the University of Cambridge Centre for Risk Studies looks at control system related catastrophe scenarios and the economic impact of these scenarios with an eye towards how insurance and reinsurance policies will be written and priced. Admittedly...
Episode 2015:2 SANS ICS Security Training and Certification SANS provided four individuals for our Unsolicited Response podcast on the 5-day ICS 410: ICS/SCADA Security Essentials training course and the related Global Industrial Cyber Security Professional (GICSP)...
