This is the first in a series of articles on a topic of very good news for the ICS community. A panel at S4xEurope will highlight Secure PLC’s, and the event includes other sessions on PLC integrity and ICS secure protocols. It’s time to plan for your next...
S4 is coming to Europe, specifically the Grand Hotel Wien in Vienna, Austria June 8-10. The first draft of the agenda is up and registration is open. Here are some highlights: Wednesday, June 8th we have three optional training courses with Alexander Bolshev, Joel...
Good guy researcher Billy Rios of Whitescope looks at the cyber security of medical devices and found some problems in a device that is no longer sold or supported. 1,418 known vulnerabilities in the Pyxis devices: https://t.co/YaVRP8X97w— Billy Rios (@XSSniper) March...
Rob Lee, Mike Assante and Tim Conway released their analysis of the cyber attack on a Ukrainian power distribution system. It’s good work as expected from that crew, but they state “This report does not focus on attribution of the attack.” Their...
There are so many great examples and lessons to be learned from the cyber attack that caused the Ukrainian power outage on December 23rd. Kim Zetter of Wired has one of the best articles on this if you want the public version of the full story to date. The remote...
My last two articles covered the negligible risk reduction of applying security patches to Insecure By Design Devices and the minimal risk reduction of applying security patches to Insecure By Design Zones. The good news is eliminating this activity gives you and your...
My last article made the case that there is only trivial risk reduction in applying security patches to Insecure By Design applications and devices. Now consider the actual risk reduction achieved by patching computers in Insecure By Design Zones. An Insecure By...
At S4xJapan, we presented a small internal research project on DNS squatting. The topic has been refreshed in my mind because of a recent Cylance report on Japanese critical infrastructure being breached by watering hole attacks (see their SPEAR team report on the...
This was the topic of my talk at the SANS ICS Security Summit in Orlando. Take a look at the presentation below, and I’ll write a few posts to give context to the key points. Should I Patch My ICS? from Digital Bond Most asset owner ICS Security Programs are...
It’s true. We finally listened to loyal readers and S4 attendees and are bringing the event to Europe. S4xEurope will be June 9-10 in Vienna Austria at the Grand Hotel Wien. We may have some training courses on June 8th if you have any ideas. It’s a...
