The Cisco blog provides broad details on six watering hole attacks on energy sector sites. ICS vendor support sites are high value targets for any group targeting critical infrastructure. T&D World published a brief summary of the 11 ICS Security Research Projects...
I will be presenting at EnergySec 2013 in Denver this year, and will be at the conference to hear some of the great lineup that the EnergySec crew has put together. The EnergySec organization was originally formed as a loose group of security, response, and...
Apologies for the lack of posts and slow approval of comments this week. Most of the team was in a very low bandwidth environment. Tenable Network Security, most famous for Nessus, has released Version 4.0 of the Passive Vulnerability Scanner (PVS). We have always...
The US National Science Foundation (NSF) has provided another $1.6M to a university group led by the University of Illinois to detect and prevent attacks on the power grid. The most interesting part is the use of the Bro network security monitor. So Bro should have...
Ralph Langner is best known for discovering how Stuxnet actually altered the logic in the Iranian’s S7 PLCs, but he has a history of great research prior to that and is a strategic thinker as well. We gave his last book, Robust Control System Networks, a five...
The US Government (NIST) has published A Discussion Draft of the Preliminary Cybersecurity Framework (pdf). This is a key preparatory document to read if you are attending the fourth workshop in Dallas, Texas on Sept 11-13. Patrick Coyle highlighted the US Department...
It started innocently enough with a tweet from Joel Langill. MS Warns of Permanent 0Day Exploits for WinXP http://t.co/MAyY7lYyQ8#SHnews huge impact to legacy #ICS – why you need more than patch mgmt — SCADAhacker (@SCADAhacker) August 26, 2013 and my response:...
OSIsoft was a strong and early supporter of the Bandolier Security Audit Files and providing guidance to their customers on the optimal security configuration for the PI Server. They are now releasing a tool similar to Bandolier that will audit the PI Server security...
The GE D20MX RTU is the latest example of a brand new, top of the line ICS field device that can be easily be compromised because the ICS protocols it supports are insecure by design. Who cares about security features, and even vulnerabilities, if an attacker can use...
The cancellation of the semi-annual conferences has curtailed ICSJWG public/private partnership efforts. Ostensibly this is due to the sequester. ICSJWG is now moving towards a quarterly webinar series on basic ICS security topics. On Oct 28-29 FIRST is holding a...