Saudi Aramco admitted that about 30,000 computers had been infected with malware known as Shamoon. They were quick to point out that “its primary enterprise systems of hydrocarbon exploration and production were unaffected as they operate on isolated network...
The LOGIIC (Linking Oil & Gas Industry to Improve Cybersecurity) won the U.S. DHS Science & Technology Directorate Under Secretary’s Award for Outstanding Collaboration in Science and Technology. According to Automation.com “the award is...
ISA announced yesterday that the Honeywell Process Solutions’ Experion DCS controller and Experion Field Integration Module (FIM) have achieved ISASecure Embedded Device Security Assurance certification. This is good news that the ISASecure certification is...
Justin Clarke and ICS-CERT unveiled another vulnerability in RuggedCom devices yesterday. This time, Justin took a different tack with the device firmware and showed that all products use the same SSL private key, hard-coded in the firmware. This is fairly...
I agreed to speak at Jeffrey Carr’s Suits and Spooks in Boston on October 18th. The theme of this edition is Offensive Tactics Against Critical Infrastructure, and my sector to attack is electric. I’ll be showing how an adversary would compromise...
If you are attending the EnergySec Summit, Sep 25 – 27 in Portland, or if you are in the area, learn how to best use Nessus with your SCADA or DCS at our half-day training course on the 25th. Space is limited to 20 students, so register soon. Most people download...
The big item of the week was Saudi Aramco cutting itself off from the Internet due to a malware incident. According to ICS-CERT, this would be an ICS cyber incident whether it affected their control systems or not because they run a control system. An article is...
James Arlen, @myrcurial, posted a question on SCADASEC on the phrase “utilizing demonstrated engineering experience”. Here is the pull quote/question: “If you are, say – a cookie manufacturer, and you have a cookie manufacturing line built and...
I’ve had a chance to spend some quality time with Microsoft’s Attack Surface Analyzer over the past week, which I’m going to refer to as “MS-ASA” to keep my word count down. The tool itself is pretty nifty; it gathers security and other...
Most of the talk about smart grid and smart grid security, especially in the US, revolves around automated metering infrastructure (AMI). And much of the security discussion has to do with the ability of an attacker to turn power on and off to affect customers and...