Recently, a client came to us with a new piece of equipment they wanted to put in their distribution system. A decent way to describe the new protection equipment is transmission relay technology, scaled down to distribution level and combined into a single...
A poignant reminder this week that Safety products and SIL ratings to not consider malicious attacks or even accidental spurious data. The CoDeSys development system is SIL2 certified, and they produce something called CoDeSys Safety that is SIL3 certified. Feel...
Locks had “long life” and names written on them. I had a chance to chat with former Project Basecamp lead Reid Wightman about the Tofino/SCADAHacker IDS rules related to his exploit scripts. It was in conjunction with a soon to be released ioActive webinar...
Roland Koch and students at the University of Applied Sciences in Augsburg, Germany have released a PROFINET fuzzer called ProFuzz. While not a top 3 protocol in the US, PROFINET is the most widely used ICS protocol in Europe, particularly in the manufacturing sector....
The Shamoon investigation by Saudi Aramco, aided by the government’s Ministry of Interior, stated “The aim was to stop pumping oil and gas to domestic and international markets”. An article in Al Arabiya goes on to say “The state-owned group which runs all...
ICS-CERT issued an Advisory on Friday titled Rockwell Allen-Bradley MicroLogix, SLC-500, and PLC-5 Fault Generation Vulnerability. This is just a distraction from the PLC insecure by design issue. The impact of this vulnerability is denial of service. You don’t...
GE announced the long awaited successor to the decrepit and insecure D20 — the D20MX. This time it appears to be real as some asset owners are expecting demo/trial shipments in a matter of weeks. From the site, “Built-in cyber security features such as...
Slow week in the SCADA security world. Siemens announced some new security controls for the S7-1500 line of PLCs. The most interesting feature –“Access protection addresses the problem of protecting the application against unauthorized configuration...
Last week, Dale had difficult conversations regarding cyber security with two vendors. Apparently, that was the week for vendor interactions, as I had one too. My interaction was with a control system component vendor, attempting to explain the premise of my upcoming...
I’m putting together an intro for an ioActive webinar on CoDeSys with Reid, which will have some good technical information and discussion on the effectiveness of suggested compensating controls. And I’m trying to find some way to point out the complete...
