30 Nov 2012 | 2012
Slow week in the SCADA security world. Siemens announced some new security controls for the S7-1500 line of PLCs. The most interesting feature –“Access protection addresses the problem of protecting the application against unauthorized configuration...
20 Nov 2012 | 2012
Last week, Dale had difficult conversations regarding cyber security with two vendors. Apparently, that was the week for vendor interactions, as I had one too. My interaction was with a control system component vendor, attempting to explain the premise of my upcoming...
19 Nov 2012 | 2012
I’m putting together an intro for an ioActive webinar on CoDeSys with Reid, which will have some good technical information and discussion on the effectiveness of suggested compensating controls. And I’m trying to find some way to point out the complete...
19 Nov 2012 | 2012
The Unsolicited Response Podcast occurs whenever events warrant. Late last week I recorded an interview with Bob Radvanovsky who is the owner of SCADASEC and one of the leaders of Project Shodan Intelligence Extraction (Project Shine). Project Shine has found over...
16 Nov 2012 | 2012
Register Now for S4 2013 – Awesome Research This Year NextGov reports the US National Highway Safety Traffic Safety Administration plans to “‘conduct rule-making ready research to establish electronic requirements for vehicle control...
15 Nov 2012 | 2012
Keep track of the latest S4 updates on our S4 site. We have two great new additions to the S4 2013 agenda. Both happen to involve the Siemens WinCC / S7 product family. Loyal blog readers have probably heard recently of Positive Technologies whitepaper SCADA Safety in...
13 Nov 2012 | 2012
These are typical, illustrative, and sad. Conversation 1: PLC Vendor A PLC vendor reached out to Digital Bond and encouraged us to share any results we found on their systems with them. He said they were very interested in security and understood they needed to do...
9 Nov 2012 | 2012
EnergySec has formed the Publicly Accessible Control Systems Working Group (PACS-WG) to try to track down and remove Internet accessible devices identified in Project Shine and elsewhere. The kickoff webinar is next Friday. Eric Byres and Tofino have teamed with Joel...
8 Nov 2012 | 2012
A I spoke recently with Kelly Jackson Higgins of Dark Reading about the number of vulnerabilities being found post-Stuxnet. This obviously is due to the increased attention from researchers and hackers. The data also shows some vendors and products have a steady...
7 Nov 2012 | 2012
Last September, I did a guest blog post titled “Online-Malware-Support-Shows-Infected-ICS-Computers”, where I searched for HiJackThis posts containing automation software. Basically, there are forums available to users that had been infected with viruses....
