My previous blog on Version 2 of the WIB Security Requirement for Vendors reads a bit like a security assessment report. While it highlights some positives, most of the details are on the deficiencies. To be clear, it is one of the better documents in this space and...
I was tough on ICS-CERT’s performance on Stuxnet in an earlier post. Now ICS-CERT is reaching out to a number of people in the control system community, including Digital Bond, to get some candid feedback on what they need to do differently or better. There is...
Back in April we reviewed Version 1 of the WIB/Wurldtech/Shell Process Control Domain – Security Requirements for Vendors. While it was a useful guideline document, it had major problems that needed to be solved before it could be used for a vendor certification...
Ralph has an open letter to Symantec up on his site. While I’ve been known to point out a failure from time to time in this blog, I think in this case Ralph is unnecessarily rough on Symantec who has done fantastic work on Stuxnet. However if you ignore the...
If you have been thinking ISA 100 is the future wireless standard for control systems, you must read Walt Boyes analysis that the battle is over and Wireless HART has won. The tone and tenor of presentations I have been hearing for years is that ISA 100 is ready for...
I learned via @jimcahill of Bob Huba’s presentation on a new smart firewall offering at the Emerson Delta V Global User Exchange and was eager to learn more. An article on ControlGlobal has limited details on it, but more interesting was the step back in time by...
Jason touched on the growing frustration with NERC CIP, and the realization that in many ways the CIP mandated compliance focus is actually impeding security progress. Joe Weiss has led the charge that CIP should be replaced with NIST SP800-53, but this comes as the...
Symantec posted yesterday the definitive analysis of Stuxnet to date. It’s long, detailed, easily understood and overall a fantastic piece of work. Evidently they were holding this detail for a conference on the 29th and even more detail will be available in a...
One more Stuxnet post before we move on. A few different issues and thoughts to cover so I’ll number them. 1. ICS-CERT Failed The Biggest Test Yet The community expected ICS-CERT to lead not follow far behind in informing us about control system security...
Ralph Langner has posted even more technical data on Stuxnet, breaking down the technical info so it can be more easily understood. For example, “if the return from FC1874 is ‘DEADF007″, original code is skipped”. He also theorizes the target...