DHS Control System Security Program (CSSP) actions in the natural gas pipeline alert get even stranger. They have either bungled helping natural gas pipeline companies to protect themselves or have some risky stratagem to take down an attacker and are willing to...
Guest author Sean McBride is the Director of Analysis and Co-founder of Critical Intelligence, a company that provides Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders. One...
Let’s take a closer look at DHS since this is the week of DHS’s ICSJWG Spring Conference. Like many, I’m guilty of treating ICS-CERT as if they are THE DHS sponsored organization responsible for ICS security in the US Government. ICS-CERT is part of...
There have been more than a few hysterical articles, also full of hysteria, in the press based on attack information provided by DHS. Wow, a number of large companies have been subject to a spear-phishing attack! ICS specific threat or attack information = 0. This...
ISA99 had a busy, well attended 3-day set of Working Group Meetings this week in Gaithersburg, MD. A lot of work gets done in these sessions, and it’s a testament to ISA99 they continue to get this level of participation and effort through many years of work. We...
Dan Goodin at Ars Technica pointed out something very curious to me yesterday. RuggedCom recently took down their ‘Customers’ page, which includes a list of companies for which RuggedCom is the OEM. Fortunately various search engines keep...
RuggedCom was first contacted by Justin Clarke in April 2011 concerning backdoor access to their switches and serial converters. Late on Friday, they announced that they would remove the account from their devices, and that the change would only take a few...
The big story of the week was Justin W. Clarke’s disclosure of an undocumented, remotely accessible backdoor to selected Ruggedcom equipment. But there were other stories. We could link to a wide variety of articles on the US cybersecurity legislative efforts,...
I’m continuing my review of the NERC CIP V5 standard updates, and discussing what good/bad things I find on DigitalBond.com. This week’s focus are Protected Cyber Assets. According to the glossary, a Protected Cyber Asset is: A Cyber Asset connected using...
Last week I wrote about a dream panel of witnesses for the US House of Representatives Committee on Homeland Security hearing titled: America is Under Cyber Attack: Why Urgent Action is Needed. Here is the actual and predictable list: Mr. Shawn HenryFormer Executive...
