Because NERC CIP is the regulatory force for cyber security in the electric sector, I tend to do a lot of work with clients on how to best to implement the various technical and administrative requirements. CIP-003-3 R6 requires that owners establish and document a...
Hugo Teso of n.runs had a detailed presentation on aircraft communications and systems and how to hack them at Hack-In-The-Box Amsterdam. Aviation companies were quick to disagree with Teso’s contentions. Outside our area of expertise so we can’t comment...
I am excited to announce that I have started working at Digital Bond. I have a bachelors degree in Computer Science from Southern Illinois University – Carbondale. Before joining Digital Bond I worked at the Tennessee Valley Authority for over 6 years. In that time I...
Chris Jager is a freelance security consultant who is always looking for interesting projects related to NERC CIP or ICS cybersecurity. In this four-part guest post series, he goes over changes to the NERC CIP standards and challenges facing the industry as they...
In one year, April 9th, 2014, Windows XP is at End of Support, meaning that no new updates, security patches, or technical assistance will be available from Microsoft. Ever. If you are a responsible automation vendor, you’ve made plans to get your products...
Chris Jager is a freelance security consultant who is always looking for interesting projects related to NERC CIP or ICS cybersecurity. In this four-part guest post series, he goes over changes to the NERC CIP standards and challenges facing the industry as they...
For a bit of history that we all know, ICS wasn’t originally built to be patched and updated on a regular basis. In an automation world that demanded static systems that could perform their function day after day with limited intervention, this wasn’t...
A NATO research team of experts has determined that Stuxnet was an act of war. “Acts that kill or injure persons or destroy or damage objects are unambiguously uses of force.” The use of force is only allowed in self-defense. Want to weigh in on how government...
We added some brief, 15-minute sessions to S4x13, and Chris Sistrunk of Entergy briefly describes how they calculated the risk of each RTU in their system. They calculate the probability of compromise/failure based on the vendor/model, considering items like the age...
Chris Jager is a freelance security consultant who is always looking for interesting projects related to NERC CIP or ICS cybersecurity. In this four-part guest post series, he goes over changes to the NERC CIP standards and challenges facing the industry as they...
