We covered the big stories of the week, Siemens announcement, Flame and the NY Times article in earlier entries. Here is what else happened. Emerson DeltaV vulnerabilities made an ICS-CERT Alert this week. This is noteworthy because DeltaV is not some free demo...
We have been running a Stuxnet clock in the right sidebar with the tag line: Siemens has not fixed Stuxnet S7 vulns for … Yesterday Siemens officially announced a firewall and VPN solution that should prevent the Stuxnet attack on the S7 PLC. So we have stopped...
I’ve been disinterested in the Flame story and then the anti-Flame backlash. There isn’t any data yet that makes it more pertinent to the ICS world than any other non-ICS incident. Not that it isn’t a fascinating piece of malware worthy of...
As part of developing Bandolier Security Audit Files for various control system components, see the full list here, we need to start with security audit files for the recommended OS security settings. These recommended settings are then modified as necessary for the...
I’ve been surprised by the relative silence on the NERC CIP Version 5 ballot results. Perhaps everyone knew most would fail by a sizable margin (e.g. CIP-002 37%, CIP-004 39%, CIP-006 39%, CIP-007 46%). Only CIP-008 passed, but CIP-003 and CIP-009 came close...
When Intel followed the acquisition of Wind River, the maker of the popular PLC OS VxWorks, with the acquisition of McAfee, our curiosity was piqued. More recently they acquired SIEM vendor NitroSecurity who had a significant and sustained effort on ICS security. So...
My last post regarding NERC CIP V5 is on the automatic ‘Low’ classification of Blackstart generation resources that do not meet bright line criteria. The committee cites compliance costs and a potential withdrawal of blackstart resources as the primary...
Richard Bejtlich blogged “SEC Guidance Is A Really Big Deal” regarding the SEC telling companies they need to disclose cyber incidents and risks. If you read financial statements you are already beginning to see cyber security disclosures alongside other...
EMET v3 was released two days ago and it introduces a most-coveted feature: support for management via Group Policy. EMET is Microsoft’s answer to legacy software problems. It introduces address space layout randomization and other wizardry to legacy...
DNS is probably the second most misunderstood protocol (the first being the control protocol du network), and that needs to change. I can’t claim to be anything close to a DNS expert, but am known to do neat tricks with it now and then. A few years back I...