Server Hardening – Getting Back To Basics

If you are responsible for defending networks and systems, you have many different tools at your disposal (unfortunately so do the attackers). There are many products on the market, from firewalls to intrusion detection/prevention systems, that aim to protect your...

On The Increasing Intelligence of Field Devices

Recently I’ve attended a few training classes/sales pitches on some new field devices coming into the market, and a trend that I’m seeing is more and more of them are being built on x86 processors running embedded Windows operating systems.  A lot of...

OPC UA Assessment Series

Digital Bond has just completed a security assessment report on the OPC Unified Architecture [UA] protocol, and we will be issuing a series of blog posts supported with SCADApedia content on the results. The assessment included both a paper security review of the...

Digital Bond Turns Ten

Digital Bond opened our doors ten years ago today on Sept 28, 1998. Like most businesses, Digital Bond morphed over time. Gen 1 was a company designing a smart card solution to secure Internet brokerage transactions. We actually did pharming demonstrations with...

The Risks of Security Non-Disclosure

As there has been a furor of emails on various lists regarding the recent Citect vulnerability Metasploit modules I thought a little discussion of the risk of Non-Disclosure might prove valuable. Disclosure and the development of such a modules do increase exposure....

Vulnerability Scoring Metrics

Last week at PCSF there were a few issues that seemed to work their way into every presentation and discussion.  It seems that both vendors and asset owners are looking hard for the government or some other entity to provide vulnerabilities with some sort of risk...

Just not getting it

Some companies, both vendors and asset owners, continue to give away the proverbial “baby with the bath water.” Case in point (from an article at automation.com but which was a general press release): August 7, 2008 – Reykjavik Energy selected...

Arming Attackers?

Matt Franz in a recent post at his blog noted, in a very tongue in cheek manner, that some of Digital Bond’s recent Scadapedia articles serve to “arm attackers”. As security through obscurity does not exist it is important to understand that...

Leveraging Portaledge for Security Metrics

Portaledge is a tool being developed by Digital Bond with Department of Energy funding that uses OSIsoft’s PI server interfaces to aggregate security events from IT and control system data sources and then correlate them through PI’s ACE correlation engine...

What Should Congress Do?

The combination of the lobbying topic in the last podcast, Joe Weiss talking about a blue ribbon panel to advise the next President, and chats with team members have made me think about this a lot over the last week – – and I still don’t have an...