Friday News & Notes

The Cisco blog provides broad details on six watering hole attacks on energy sector sites. ICS vendor support sites are high value targets for any group targeting critical infrastructure. T&D World published a brief summary of the 11 ICS Security Research Projects...

Digital Bond is at EnergySec 2013

I will be presenting at EnergySec 2013 in Denver this year, and will be at the conference to hear some of the great lineup that the EnergySec crew has put together. The EnergySec organization was originally  formed as a loose group of security, response, and...

Friday News & Notes

Apologies for the lack of posts and slow approval of comments this week. Most of the team was in a very low bandwidth environment. Tenable Network Security, most famous for Nessus, has released Version 4.0 of the Passive Vulnerability Scanner (PVS). We have always...

Friday News & Notes

The US National Science Foundation (NSF) has provided another $1.6M to a university group led by the University of Illinois to detect and prevent attacks on the power grid. The most interesting part is the use of the Bro network security monitor. So Bro should have...

Langner’s RIPE

Ralph Langner is best known for discovering how Stuxnet actually altered the logic in the Iranian’s S7 PLCs, but he has a history of great research prior to that and is a strategic thinker as well. We gave his last book, Robust Control System Networks, a five...

Friday News & Notes

The US Government (NIST) has published A Discussion Draft of the Preliminary Cybersecurity Framework (pdf). This is a key preparatory document to read if you are attending the fourth workshop in Dallas, Texas on Sept 11-13. Patrick Coyle highlighted the US Department...

Chicken, Egg, and Chicken Omelette with Salsa

It started innocently enough with a tweet from Joel Langill. MS Warns of Permanent 0Day Exploits for WinXP http://t.co/MAyY7lYyQ8#SHnews huge impact to legacy #ICS – why you need more than patch mgmt — SCADAhacker (@SCADAhacker) August 26, 2013 and my response:...

Friday News & Notes

OSIsoft was a strong and early supporter of the Bandolier Security Audit Files and providing guidance to their customers on the optimal security configuration for the PI Server. They are now releasing a tool similar to Bandolier that will audit the PI Server security...

ICS Protocols Make New GE D20 RTU Still Insecure By Design

The GE D20MX RTU is the latest example of a brand new, top of the line ICS field device that can be easily be compromised because the ICS protocols it supports are insecure by design. Who cares about security features, and even vulnerabilities, if an attacker can use...

Friday News & Notes

The cancellation of the semi-annual conferences has curtailed ICSJWG public/private partnership efforts. Ostensibly this is due to the sequester. ICSJWG is now moving towards a quarterly webinar series on basic ICS security topics. On Oct 28-29 FIRST is holding a...