A View on Information Sharing and Threat Intelligence

Guest author Robert Huber is a co-founder of Critical Intelligence, a for profit ICS Cyber Situational Awareness and Threat Intelligence provider. If you look closely at all the banter of information sharing, especially with a focus on the electric sector, you have to...

Friday News & Notes

Phyllis Schneck has been selected to head up the cybersecurity division at the US DHS. Her experience leading InfraGard in its early years should be helpful as it required her to focus on public/private issues and deal with the government bureaucracy. She has some...

Cyber Security or Cybersecurity

Admittedly a trivial post … but what is the proper spelling and usage – cyber security or cybersecurity? I’m going to go back to the classic Military Cryptanalytics by Lambros Callimahos and William Friedman and my early days out of college writing...

Analysis of Government Incentive Proposals

Yesterday the White House announced the consideration of incentives in eight different areas to spur the adoption of the developing cybersecurity framework. Here is a quick analysis of the likelihood of each having an impact on changing behavior, ordered in most to...

Research and Context

We put the Apa and Hollman’s Black Hat paper Compromising Industrial Facilities From 40 Miles Away in the Worth Reading last Friday. Later on Friday Walt Boyes savaged the researchers in a blog entry saying “There’s a word for...

Friday News & Notes

The news this week was dominated by the presentations at Black Hat, DefCon and Bsides Las Vegas. Charlie Miller and Chris Valasek got the most attention for their hacking of a Toyota Prius and Ford Escape. Breaking, accelerating, moving the steering wheel, all from a...

Friday News & Notes

First we had GLEG developing SCADA exploit packs for Immunity’s Canvas. Now ExCraft Labs out of Cypress is producing the SCADA Pack for Core Impact Pro. It includes 50 exploit modules with about 15 0days. Mostly usual suspects of WinCC, Cimplicity, Advantech,...

More on IntegraXor’s Bug Bounty Program

Despite good examples from Google, Microsoft, and others, Bug Bounty programs in SCADA and ICS are very limited. As in nearly non-existent. As in the only one I’ve heard about publicly is IntegraXor’s non-monetary program, which hit mainstream last week. I...

ISO/IEC TR 27019 for Energy Utilities Published

Guest blogger Stephan Beirer is a Senior Information Security Consultant and head of Industrial Control Systems Security at GAI NetConsult GmbH, Berlin/Germany. He is the project editor of TR 27019 at ISO/IEC JTC 1 SC 27 and a domain expert for process control systems...