Friday News & Notes (Late)

S4x13 generated a lot of news and was great fun this week. Amazing hanging out with so many smart and interesting people in ICSsec. I’ve got a ton of notes and interesting items for articles next week. And we will start posting the videos on the S4x13 Vimeo...

ACC Prepares CFATS Alternative Security Plan

Guest author Patrick Coyle covers Chemical Sector security, cybersecurity legislation and ICS security on his Chemical Facility Security News. Last month the American Chemistry Council announced that it had, in conjunction with the Infrastructure Security Compliance...

Friday News & Notes

Patrick Coyle’s Chemical Facility Security News site has started the 113th Congress Legislation page for cyber security legislation with emphasis on ICS. He has the go-to site for US legislation news and analysis. Was Stuxnet “a prohibited use of...

Musing: Can’t Call it Anti-Virus Anymore…

Last week’s article in the New York Times is highlighting an issue most IT and ICS professionals have known for a while: Anti-Virus sucks. Anti-Virus rarely works against new threats, detection mechanisms can be easily fooled, and as this paper by Feng...

Friday News & Notes

The CFR watering hole attack got most of the news, but yesterday Computerworld reported that Capstone Turbine Corporation had a similar compromise on their website since Dec 18th. Many owner/operators still directly access their trusted ICS vendor websites from their...

Rebuttal – Part 1 Features and Functionality

Jake Brodsky and Joel Langill had comments in a blog post late last year, CoDeSys IDS Signatures Easily Avoided, stating that it is unfair or wrong to focus on an insecure by design PLC issue. They believe we should be focusing on the overall system security and insuring...

2013 – Resolution – Now

Happy New Year to all loyal readers. We hope you had a chance to rest up and enjoy time with friends and family over the holidays. My resolution for 2013 is simple: By the end of the year there will be a consensus that insecure by design PLCs and other field devices...

Response to Cyber Issues and a Little Resilience

Recently, a client came to us with a new piece of equipment they wanted to put in their distribution system. A decent way to describe the new protection equipment is transmission relay technology, scaled down to distribution level and combined into a single...

Friday News & Notes

A poignant reminder this week that Safety products and SIL ratings do not consider malicious attacks or even accidental spurious data. The CoDeSys development system is SIL2 certified, and they produce something called CoDeSys Safety that is SIL3 certified. Feel...

CoDeSys IDS Rules Easily Avoided

Locks had “long life” and names written on them. I had a chance to chat with former Project Basecamp lead Reid Wightman about the Tofino/SCADAHacker IDS rules related to his exploit scripts. It was in conjunction with a soon to be released ioActive webinar...