Brian Krebs breaks a big story in the ICS security world — Telvent has been informing customers they have been compromised by the Comment Group. Over the past two decades Telvent has dominated the oil and gas pipeline SCADA market. In recent years they have...
Remember S4 Call For Papers/Presentations Closes This Friday September / October is a busy week for ICS security events. Joe Weiss just posted the full agenda for ICS Cyber-Security Conference the week of October 22nd in Norfolk, VA (called WEIScon by many). The week...
Most of the attention, reporting and speculation on Stuxnet perpetrators has been focused on the US and Israel, but what about Siemens and the German Government’s possible role in the Stuxnet story? The Siemens and Iran issue came up last week with the...
ICS released Version 3.0 of The Roadmap To Secure Control Systems in The Transportation Sector. It’s a good primer to transportation sector ICS, which surprisingly includes pipelines. Each sector is defined along with a glossary of key terms. The four goals are...
Ask and ye shall receive. Tenable quietly updated Nessus compliance checks today, adding some fancy new “Open Port” auditing features. Among other things, new rules mean that your audit files can now check for a list of allowed and denied ports, as well...
Ross Anderson (past S4 keynoter) and Alex Henney published a paper on the failed economics of the British smart metering project (UK). They contend that when the economic case didn’t work out. the government changed the underlying assumptions until the...
Owners conducting a NERC Cyber Vulnerability Assessment have a requirement to annually verify ports and services. On Windows and Unix based systems, it is trivial and safe to pull a list of listening ports and the configured services thanks to commands like netstat,...
Industrial Defender announced another industry partnership to provide their security products and services to an ICS vendor — this time with Telvent. As mentioned in an earlier article, the key factor in determining if this is truly pushing security to customers...
Attention to DCS and SCADA security continues to grow in Japan. Here are three notes: 1. IPA, a Japanese organization that works with government and industry, has partnered with ISASecure to bring the ISASecure certification program to Japan. Certification is...
All talk, no action. The various agencies are using only a fraction of the power they have to make a difference in ICS and SCADA cybersecurity. All the potential legislation, executive orders, and political platform stances only effective purpose is to make people...
