Innominate has a PR type sending around a recent white paper, Post‐Stuxnet Industrial Security Zero‐Day Discovery and Risk Containment of Industrial Malware with the Innominate mGuard Technology. My last info on Innominate was they had a field firewall,...
An interesting but somewhat confusing document was issued this week by the Dept of Energy, Audit Report: Federal Energy Regulatory Commission’s Monitoring of Power Grid Cyber Security. This audit, performed by the DoE Office of Inspector General, assesses...
George Gary Mintchell of Automation World/Feed Forward Blog and I have had a difference of opinion on the Automation Press in a few areas including the kid gloves treatment of Siemens regarding Stuxnet. He has a blog on this titled “Cybersecurity...
It’s a great idea for ICS-CERT to write a year in review document, especially with sections on lessons learned. That said it is so disappointing to see ICS-CERT continue to ignore the PLC/RTU ramifications of Stuxnet, fail to acknowledge their serious...
A press release from Ember announced the company had record revenues in 2010 and that they shipped 10 million Zigbee chips last year. From the press release: Ember’s strong growth was fueled by smart meter deployments worldwide, where Ember’s ZigBee chips...
One of the many things that I noticed at a plant is that there are no security controls for protecting against unauthorized devices from being connected to the control system servers and workstations. This had me thinking about the Data Loss Prevention (DLP)...
In my first post on the Attack Surface Analyzer, we looked at the basic function and how it fits into the SDL. For this post, we’ll take a deeper look at some of the information the tool provides and a bit about the process used to get that information. As I...