Dale posted an introduction to Bandolier a couple of weeks ago. I am increasingly excited about the value of this project. We are working with asset owners and vendors to identify a hardened configuration for twenty control system applications. We are then developing...
A few years back, the traditional IT world was debating the merits of virtualization. There were concerns about performance, security, vendor support, and a host of other issues. Fast-forward to today, however, and you’ll find virtual machines in use in nearly every...
When the NetDDE share vulnerability in Wonderware’s InTouch 8.0 HMI was announced by US-CERT, we noticed that most dismissed it as just typical control system weak permissions. The same as commonly seen in OPC DCOM configurations. However, the true impact of a...
Alan Paller of SANS has been talking about cyber extortion attempts of utility companies for over a year now, and we now have Tom Donahue, a CIA-rep, on the record. “We have information, from multiple regions outside the United States, of cyber intrusions into...
Today FERC approved the NERC/ERO CIP cyber security standards for the electric industry. This was the right decision to avoid derailing progress. What is most impressive are the comments in the press release and final rule. They directed modifications and...
Ralph Langner, one of the bright lights in the European SCADA Security community, attended the CCC annual meeting in Berlin right before the new year. There was a Hacking SCADA presentation. Begin Ralph’s Report The Chaos Computer Club’s annual meeting is...
