Back on 5 July 2012 we added a counter in the right column of our home page: “Schneider Has Not Removed Modicon FTP Backdoor Accound in xxx days.” This was prompted by Ruben Santamarta’s disclosures of the account, but was based off of a December...
The official title of Jason Holcomb’s (Lockheed Martin) session was Turning the Tables: Transformation to Intelligence Driven Defense for ICS, but the thrust of his talk is describing how the cyber kill chain can be used in ICS. The cyber kill chain steps for a...
NIST held the second workshop on the US Cybersecurity Framework this week in Pittsburgh, and the main session was viewable on the Internet. You can view the tweets at #nistcsf, and Cynthia Brumfield has published her thoughts on the workshop. The next workshop is in...
Michael Toecker’s session at S4x13 focused on two things. How secure are the applications that engineers use to configure relays in the electric grid? Prominent examples are GE’s Enervista and SEL’s AcSELeratorIs Microsoft’s Attack Surface...
Digital Bond developed the first SCADA IDS rules back in the middle of the last decade with the help of a DHS research contract. Those rules were integrated into most commercial IDS. A second DHS research contract funded the development of the Quickdraw IDS...
Want to learn how Ruben Santamarta found the TURCK backdoor disclosed last week by ICS-CERT? Read his article on Identify Back Doors in Firmware By Using Automatic String Analysis. He pulls out the strings from firmware and then uses a tool he wrote called...
There is a tactic in sales and marketed called ‘FUD’. Many of us are familiar with it, most of us have encountered it. It stands for “Fear, Uncertainty, and Doubt”, and the tactic involves influencing perceptions with overwhelming amounts...
Dave McGurdy, President & CEO of the American Gas Association (AGA), will testify before the US House Committee on Energy and Commerce. He has published his testimony (ht: patrick coyle). After singing the praises of their industries efforts on ICS security and...
There has been a common theme in cyber security to have great discoveries follow on the heels of new tools. This situation exists in the sciences in general, and has been described by Isaac Newton, Stephen Hawking, and others as “standing on the shoulders of...
Odd and troubling week. DHS Secretary Napolitano announced Enhanced Cybersecurity Services — the US Government will share information on 0days and threats via a paid service offered by private government contractors like AT&T, Raytheon and Northrup Grumman....
