I have a problem with field security devices. Well, not really A problem, but multiple problems. 1. Avoiding The Root Cause of Insecurity There is a tendency in the ICS community, and even among those considered ICS security gurus, to promote building higher walls...
The ICSJWG meeting was this past week in Denver, and the schedule was packed with great presentations, and speakers with a wealth of experience to share with the ICS community. There was a significant bump in attendance this time around. Attendees were from a...
REMINDER – S4 General Registration Opens on October 24th. See The Agenda Here. Kaspersky’s announcement of a new secure SCADA OS was the buzz story of the week. It’s an ambitious effort with low likelihood of impact on SCADA and DCS for a variety of...
Emerson announced that DeltaV DCS deployments will support virtualization in April 2013. They also highlighted the “Smart Firewall”, which sounds very similar to the Honeywell CF9 approach. Basically block everything but DeltaV required protocols out of...
Yes, it’s a new podcast. The Unsolicited Response podcast will be similar to This Month In Control System Security podcast in format and content, but I have given up the idea of doing it on a regular schedule. The inaugural episode is an interview with Brian...
Yesterday Siemens announced new vulnerabilities, and importantly security patches to address the vulnerabilities, for their S7-1200 web application. Some credit is due to Siemens for increased transparency in announcing vulnerabilities and speed in which they...
I recorded the first edition of our new podcast Unsolicited Response this week. Some months will have 1, 2 or 3 podcasts; others will have 0. It will be out on Tuesday and hope you like it as much as the previous This Month In Control System Security. Justin W....
I’ve been a vocal skeptic on information sharing, particularly the US legislative emphasis on information sharing’s criticality to make progress in ICS and SCADA security. Yesterday provided a lot of ammunition for my argument. All too often programs are...
Last week was EnergySec’s 2012 Symposium. EnergySec is a group with a lot of great energy. The conference was attended by a mix of hackers, former phone phreaks, energy sysadmins, auditors, and executives. The theme this year was, “Stop being...
LAST DAY – Submit your presentation proposal for S4 2013, Jan 16-17 in Miami Beach. Robert O’Harrow of the Washington Post continued his series to make cyber security issues understandable to the average WashPost newspaper reader. This time he covered...
