Does Innominate Help Against Stuxnet?

Innominate has a PR type sending around a recent white paper, Post‐Stuxnet Industrial Security Zero‐Day Discovery and Risk Containment of Industrial Malware with the Innominate mGuard Technology. My last info on Innominate was they had a field firewall,...

What Does $25M Annually Buy? DHS CSSP Program

photo © 2008 Purple Slog | more info (via: Wylio)The US Department of Homeland Security Control System Security Program (DHS CSSP) is probably the USG’s biggest effort to improve ICS security across the critical infrastructure sectors. But the question was...

FERC Performance Audit Re: NERC CIP

An interesting but somewhat confusing document was issued this week by the Dept of Energy, Audit Report: Federal Energy Regulatory Commission’s Monitoring of Power Grid Cyber Security. This audit, performed by the DoE Office of Inspector General, assesses...

Control Microsystems Handles Vulns Professionally

photo © 2010 Tactical Technology Collective | more info (via: Wylio) I was really looking for a good news story today after some recent gloom and doom blog entries. Thankfully ICS-CERT issued an advisory today for some fixed ClearSCADA vulns that Digital Bond found...

Cybersecurity Responsibility?

George Gary Mintchell of Automation World/Feed Forward Blog and I have had a difference of opinion on the Automation Press in a few areas including the kid gloves treatment of Siemens regarding Stuxnet. He has a blog on this titled “Cybersecurity...

ICS-CERT Year In Review Fails To Look In Mirror

It’s a great idea for ICS-CERT to write a year in review document, especially with sections on lessons learned. That said it is so disappointing to see ICS-CERT continue to ignore the PLC/RTU ramifications of Stuxnet, fail to acknowledge their serious...

Zigbee in Smart Grid – The Fuse Is Lit

A press release from Ember announced the company had record revenues in 2010 and that they shipped 10 million Zigbee chips last year. From the press release: Ember’s strong growth was fueled by smart meter deployments worldwide, where Ember’s ZigBee chips...

Managing and Controlling External Devices

One of the many things that I noticed at a plant is that there are no security controls for protecting against unauthorized devices from being connected to the control system servers and workstations.  This had me thinking about the Data Loss Prevention (DLP)...

MS Attack Surface Analyzer: A Deeper Look

In my first post on the Attack Surface Analyzer, we looked at the basic function and how it fits into the SDL. For this post, we’ll take a deeper look at some of the information the tool provides and a bit about the process used to get that information. As I...