The ICS security community is still tiny, so when a large vendor recruits five or so names in the industry it gets some attention. They are placing at least a small bet that there is enough business to scale to a size worth pursuing. Security vendors have tried...
S4xJapan: October 14-15 in Toyko I had a bit of fun in Tokyo last month creating a logo for S4xJapan. In Japan people use a hanko, an ink stamp, to sign documents ranging from Fedex or Black Cat delivery acknowledgment to important official documents. A hanko is...
The German government’s National Cyber Defense Center has little to show over the last three years, according to the German Government. The Langner Group covers the story of a classified report that was leaked to the press. A small number of employees who lacked...
I attended my first ICSJWG since 2011 last week in Indianapolis. It was an ok event with some interesting talks and a chance to reconnect with familiar faces in the ICS industry. It is however a far cry from the must attend DHS event back when it was called PCSF. I...
I had finished my presentation on a wide variety of topics Big Data / Cloud Computing / Internet of Things / ICS remote access, and the Q&A had started. After stressing in the presentation that ICS data can be shared anywhere without jeopardizing the integrity and...
I’m very pleased to announce Reid Wightman is returning to Digital Bond after a couple of years at IOActive. Reid will be leading a new division, Digital Bond Labs. He will write soon on what Labs is and what it will do, but let me talk about the reason we...
Dark Reading reports this week on Bitsight Technologies security ratings for the utility industry. Bitsight scored the sector as second highest in security posture, with the financial industry rated first. This scoring is primarily based on the corporate network, not...
The idea of ICS security metrics is popular, but actual measurable metrics are rare. The ISA99 committee is tackling this hard problem with Technical Report 62443-1-3 System Security Conformance Metrics, now out for ballot. Section 4.2 Metrics Development Checklist is...
Positive Hack Days in Moscow had a cool Critical Infrastructure Attack contest. “The contest’s participants will have to deal with a thermal power station, transport and city illumination systems and also with cranes and industrial robots.” Looking...
The January – April 2014 edition of the ICS-CERT Monitor was chock full of interesting facts and factoids. Here is what caught my eye. Internet Accessible Control Systems Facts – Three examples of Internet accessible control systems are described. The...
