Quickdraw is Digital Bond’s DHS funded security project to develop an application that will generate security log events for PLC’s and other legacy field devices with little or no security event logging capability. While evaluting the technical...
Risk in our field is most often defined as risk = threat x vulnerability x consequence. And while it is a formula that is easy to define it is very difficult to give actual values to the variables. How do we quantitatively assign “real”...
NERC got hit hard by Congress in the May Congressional Subcommittee Hearings, most notably on providing false information to Congress in the past. Some members of the Subcommittee went as far as saying NERC needed to be replaced as the ERO. There had to be some action...
The classic definition of the cornerstones of information security are: Confidentiality, meaning that the data that you send or receive can not be read by others.Integrity, the data is valid, has not been tampered with and originates from the authenticate...
I recently gave a presentation on the SCADA Honeynet Project. During the Question and Answer session, a number of attendees requested an implementation of the Honeynet that would allow them to use a spare physical PLC as the target. Evidently many asset owners had...
We’re often asked why we would do binary analysis on software that we already have the source code to, and Rob Graham over at Errata’s blog had a great post on this a few days ago about that very topic. As Graham says the key difference between coders and hackers (or...
Prior to the holiday I took a swing through the Pacific Northwest. Here are a few items: In Vancouver I stopped in on Wurldtech. Achilles continues to mature with lots of new configuration and reporting features, but what I found most interesting is the way Wurldtech...
Vulnerabilities were announced in Ruby during the last week. Details are still limited, but they’re starting to seep out as people start analyzing the patches/source tree. These vulnerabilities, and others like it in Python/Perl/etc are interesting for a lot of...
We’ve talked occasionally about using the Bandolier audit templates to help with various standards compliance efforts. There is now a SCADApedia article that more formally describes how and where Bandolier links to the NERC CIP requirements. Earlier this week I...
Defcon, for those who don’t know, is the world’s largest and most famous hacking conference. This year an unofficial contest is being held at Defcon and it is receiving negative feedback from some of the anti-virus (AV) vendors. The goal of the...