Loyal blog readers should watch last nights 60 Minutes segment on Stuxnet, some of the web extras, and an interesting Overtime segment with Dillon Beresford. You won’t learn much that is new to you, but you will be able to answer questions and comment when your family...
SCADA and DCS foster an engineer hero culture. The plant, pipeline or process is not operating properly. The one or two individuals, almost always guys who have 15+ years experience in the plant, are able to troubleshoot the problem, make a change on the fly, and get...
Four quick and different points to make in this blog: 1. Eric Byres has started a blog series on the very important defense in depth security concept 2. Defense in depth does not obviate the need for proper risk management and addressing major risks Project Basecamp...
A number of loyal readers have been sending in examples of vulnerable, Internet accessible control systems. The example below from Patrick Stave of Norway is representative of what we are receiving. In this case, I 100% agree with ICS-CERT that if you have your SCADA...
The fact that Congress has to deal with DCS and SCADA security for the critical infrastructure is another representation of failure by all in the ICS community, but in the US Government realm primarily by DHS as the responsible government agency. Congress can’t...
Project Basecamp highlights the fragility and insecurity in most PLC’s and provides tools so anyone can demonstrate and prove it. There should be no doubt that after ten years the ICS community needs to deal with this, but how? Part 1 covered what Asset Owners...
Project Basecamp highlights the fragility and insecurity in most PLC’s and provides tools so anyone can demonstrate and prove it. There should be no doubt that after ten years the ICS community needs to deal with this, but how? Part 1 covered what Asset Owners...
ODVA, the organization in charge of the EtherNet/IP protocol responds to the Project Basecamp Metasploit module and payloads that take advantage of the protocol’s lack of authentication to reboot or completed stop the device. It basically says yes this is true...
Hopefully loyal readers now accept that we need to address the decade old problem of insecure and fragile PLC’s/RTU’s/field devices, and the Basecamp information and tools provide some additional compelling evidence and demonstrations to prove the point to...
More Project Basecamp modules and tools have been released today. The Basecamp reaction has been predictable and disappointing at the same time. The initial furor is over the disclosure, and there continues to be very little anger over the fragility and insecurity...
