NIST Cybersecurity Framework – 3 Months Later

President Obama tasked NIST with creating a Cybersecurity Framework (CSF) to help secure the critical infrastructure. NIST released Version 1.0 of the CSF on February 12th. We have had a chance to dig into the CSF and even use it in a few consulting engagements, so...

Friday News and Notes

Tofino’s response to Windows XP end of life reminds me of Maslow’s Hammer: “I suppose it is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail.” These industrial firewalls have their place, and we have...

S4xJapan: Call For Presentations

Digital Bond is bringing S4 to Tokyo this October, and we are looking for excellent sessions for the two-day event. The event will be held in English and Japanese with simultaneous translation as appropriate. We welcome your session proposals in English or Japanese as...

Friday News & Notes

Another ICS security acquisition this week – GE buys Wurldtech. Wurldtech is best known for their Achilles fuzz testing tool and certification. It was an early entrant in ICS fuzzing and has strong relationships with Shell and other asset owners and vendors in...

WSJ Letter: Better CIP Defense Needed

The President/CEOs of the American Public Power Association (APPA), Edison Electric Institute (EEI), and National Rural Electric Cooperative Association (NRECA) felt a recent WSJ article critical of the electric sector’s cyber security “warrants response...

Friday News & Notes

The Department of Energy issued an update to their Cybersecurity Procurement Language for Energy Delivery Systems. Useful document if you are working on an ICS RFP. Will they develop an Appendix that will map the requirement statements to NIST CSF sub-category...

Redpoint Release: EtherNet/IP Enumeration

Stephen has been busy cranking out the Project Redpoint Nmap enumeration scripts for ICS applications, devices and protocols. The latest we have made public is an NSE to identify and enumerate EtherNet/IP devices. EtherNet/IP is used in the Logix family of Allen...

Friday News & Notes

Joe Weiss’s annual ICS Security Conference (aka WeissCon) has been on, then off, and now back on again. Well, sort of. SecurityWeek has purchased the event from Joe. The press release states Joe “will remain heavily involved in the event series as a...

S4x14 Video: Language Theoretic Security Applied to ICS

We were thrilled to have some of the world’s top security researchers enter the ICS world and present at S4x14. In this case, S4 veteran Darren Highfill introduced langsec pioneers Sergey Bratus and Meredith Patterson to the world of ICS, and they worked...