Stuxnet-Type Attacks Are Easy

Reid presented the latest from Project Basecamp yesterday, what he called Camp 4, at AppSec DC. He has done great work in a short amount of time, between the paying projects and, I suspect, often on nights and weekends. I didn’t want to step on his blog article...

Friday News & Notes

DHS released version 4.1 of their Cyber Security Evaluation Tool (CSET). This version adds Visio support for network diagrams. CSET is a good do-it-yourself option for those who can’t afford pricey consultants like Digital Bond. I hope to give it a test drive...

Project Basecamp: News from Camp 4

Today Digital Bond released two new Metasploit modules affecting Schneider Modicon Quantum PLCs. I believe that these only affect PLCs with a “Unity” Ethernet card, although I would guess that the exploit could be adapted to other controller types with...

Regulation Lessons From NERC CIP

Bryan Owen and Ralph Langner had great comments on our recent NERC CIP, Non-US Utilities and Security article. Here is an extended version of my response and comment.

NERC CIP has certainly provided some useful data points and leads to what I...

Economics of Information Security

I’ve been wanting to go to the Workshop on the Economics of Information Security (WEIS) for a decade now. This year it is in Berlin so I’m registered, committed with plane tickets in hand for WEIS 2012, June 25-26. Economics of Information Security is...

NERC CIP, Non-US Utilities and Security

Sometimes it helps to escape the bubble to get new information and fresh thoughts. Below are three recent information points and four observations on regulation and real security after a long trip outside the US. Some of the observations are not new, but they are big...

4-Star Review for McCauley/Singer Book – Cybersecurity for ICS

Cybersecurity for Industrial Control Systems, by Tyson McCauley and Bryan Singer. Auerbach Publications, 203 pages.

I had high hopes for this book since Bryan Singer is very experienced in ICS, ICS security and IT security — and Bryan and...

ISA Security Assurance Level Concept and Reality

The ISA 99 Security Committee has been hard at work on writing Security Assurance Levels (SAL) into the ISA / IEC standard. It’s been slow going and difficult work, and may prove to be impossible for this committee. The idea of a SAL came from many in the...

More on Japan and ICS Security

More information from Japan. As mentioned earlier this week, the Japanese Ministry of Economics, Trade and Industry (METI) has stepped up efforts on ICS security. The trigger was a malware infection at Mitsubishi Heavy Industries, spread by email and reported in 2011...

ICS Security and Japan

Over in Tokyo this week visiting customers and old friends, and it’s good to see the level of interest and concern in ICS security is growing. Like the US and the rest of the world, there is still a long way to go. A high percentage of the Japanese critical...