The recent CitectSCADA vulnerability disclosure and the associated discussion on various control system mailing lists, blogs and forums raise some interesting assertions. Assertions that have piqued my interest in the past when...
Previously we recorded a podcast on the minimal install / small attack surface install of Windows Server 2008 called Server Core. One benefit of a smaller attack surface should be fewer security patches. We made some estimates on the reduced patching if a Server Core...
We have been working feverishly on Bandolier for several months now and have blogged about some of the issues and progress along the way. Notably absent, however, has been discussion about which applications we have assessed and which respective audit files are under...
I’m pleased to announce we have begun work on another research project. This one is funded by the Department of Homeland Security, Science and Technology Directorate. The project is the PLC Passive Security Event Log Generator, which we will be calling...
If the “holy grail” for a hacker is to exploit a vulnerability that allows for the installation of a payload (rootkit) that provides control of a remote system, how do defenders prevent this? Experience has shown that...
After a few days of letting the Congressional Hearings on security of electric sector control systems sink in, here are the three items I found most interesting and important. 1. The fact that NERC previously provided false information to Congress on Aurora mitigation...
We have written quite a bit about intrusion detection and developed SCADA signatures to detect attacks on the SCADA or DCS IP networks and associated DMZs, but let me introduce another buzzword to the community: extrusion detection. The idea behind extrusion...
I’ve been involved to varying degrees with security standards efforts for way too long now – almost twenty years. Most recently with the ISA 99 Part 4 effort. For a while I was actively involved in that effort in support of a contract with...
Joshua Corman of IBM/ISS gave a presentation at Interop Las Vegas yesterday titled “Unsafe at any speed: 7 Dirty Secrets of the Security Industry”. Here’s the Network World report. The title alone is interesting – making a reference to automobile safety – especially...
The field security appliance market just got smaller – or larger. Innominate was one of the first companies to develop a firewall for the plant floor or SCADA field sites. We have covered them in the blog over the years. Innominate announced at Hannover...