ICSsec Training Options Abound

Back in ~2004 I started teaching a 3-day course on SCADA Security for Infosec Institute. Back then the term ICS didn’t exist, and the INL/DHS courses were the only other options. I left the class after about 18 months with the realization training is hard work...

Announcing S4xJapan, Oct 14-15 in Tokyo

Digital Bond is pleased to announce our first S4 event outside of the US … S4xJapan on October 14 – 15 in Tokyo. The call for papers will come out on May 1st, and the event will open for registration on August 1st. Here is some advance information: The...

S4x14: HART As An Attack Vector

This excellent session by Alexander Bolshev (@dark_k3y) was a very pleasant surprise, and it’s a bit frustrating that it is one of the three lost S4x14 videos. We were concerned that it would be a bit S4x13 / insecure by design / low hanging fruit, but HART has...

Friday News & Notes

Next week look for our announcement of S4xJapan. Dates are set; venues are booked; and we have a great plan to make this a first of its kind event in Japan. Also, Japanese readers should check out digitalbond.jp. We finally found some quality translators fluent in...

CIPC Meeting, St. Louis – Part 2

Yesterday’s post on the CIPC meeting in St. Louis got a little long, thanks to exposition from me regarding the ES-ISAC. If you find yourself wondering what I’m talking about, take a look at the post. Onward… NERC staff also discussed the kickoff...

CIPC Meeting, St. Louis – Part 1

CIPC met this past week in St. Louis, with a good agenda of cyber, physical, and compliance items. A bit of background for non-CIP folks: the CIPC stands for Critical Infrastructure Protection Committee, an advisory panel to NERC and the ES-ISAC “in the...

S4x14 Presentation: PLC Code Protection

We lost three S4x14 videos due to technical difficulties at the end of the day on Wednesday. One of them was a great session from Stephen Dunlap and Jonathan Butts of the Air Force Institute of Technology entitled PLC Code Protection. The presentation slides from that...

DNP3 User Group Politics

It is close to a universal truth that vendors in all industries do not handle their first vulnerability disclosure incident well. We now know the same is true of User Groups with the DNP3 User Group as an example. The widespread DNP3 implementation vulnerabilities...

Friday News & Notes

Sean McBride of Critical Intelligence asserted at an RSA session it was a contractor named NEDA that introduced Stuxnet into Natanz. Mark Clayton broke the news in this article, and here is a link to Sean’s RSA slides. Industrial Defender announced ASM support...