S4x14 Video: Byres/Peterson – SCADA Apologist or SCADA Realist

Eric Byres suggested we take our back and forth from the blogs to the stage at S4x14. I had 5 minutes to explain why SCADA Apologists, as I claim Eric is, are a major impediment to progress in ICS security. Then Eric had 5 minutes to respond why he was a SCADA Realist...

NERC CIP Technical Conference in Atlanta

With all the furor about S4 over the past week, our readers may have missed some of the developments on the NERC CIP front. Last week, NERC and electric power representatives (and a bunch of us consulting folks) met in both Phoenix and Atlanta for a one-day conference...

S4x14 Video: Matthew Theobald – Applying SDL To Legacy Code

We hear all the time about the lifecycle of ICS software and hardware being measured in decades rather than years. So even if new code goes through a security development lifecycle (SDL), the ICS community has a large amount of legacy code with latent vulnerabilities...

Friday News & Notes

The NY Times reported NSA Devises Radio Pathway Into Computers. This program fits perfectly into my Preparation and Persistence talk at ICSage and the motivation behind the PLCpwn. I’ll have more on this when we post the PLCpwn video, but readers can think about...

S4x14 ICS Village Stories

As discussed in an earlier blog, attendees of S4x14 wanted to interact with ICS devices they may not have seen before, or even in some cases just wanted more practice with devices they know quite well. It also allowed people from the novice to the advanced to have...

S4x14 Video: Crain/Sistrunk – Project Robus, Master Serial Killer

We decided to move up the release of Adam Crain / Chris Sistrunk S4x14 video because DISTRIBUTECH is next week in San Antonio. This is a big electric sector event and the DNP3 Technical Committee meets in conjunction with this event. The story of vulns in the DNP3...

Shot Through the HART – S4x14

At the S4x14 conference in Miami this past week, Alexander Bolshev of ERPScan gave a presentation on his work on the Highway Addressable Remote Transducer protocol (HART). HART is a commonly used industrial protocol for communication over legacy 4-20 mA...

A Walk Through the ICS Village

Last Monday was a busy day for Digital Bond and volunteers at S4x14 setting up the ICS Village. Starting with laying out and setting up networks for attendees of the conference to utilize to reach the devices inside the ICS Village. As shown in previous blogs, there...

S4x14: Dale Peterson Mini Keynote – Next

The ICS Security Research Community is healthier than it has ever been. That’s my conclusion based on the S4x14 sessions and what I discuss in my 11-minute mini-keynote you can watch below. http://vimeo.com/84615727 S4x13 was all about 0days. Session after...