Internet-Connected Control Systems Update

Patrick Coyle posted over the weekend that ICS-CERT has updated their “Internet-connected control system” bulletin, first posted in January 2012. The update points out additional control systems vendors and rightly shows the concern that default passwords...

Tough Questions in ICS Security Economics

I’m in Berlin preparing to attend the Workshop on the Economics of Information Security (WEIS). ICS owner/operators act in their own best self interest. This is rational behavior for any person or organization. Owner/operators that don’t spend money on ICS...

Friday News & Notes

Patrick Coyle correctly takes WAGO to task for providing the remediation advice of disabling EtherNet/IP and the web interface if not used. They didn’t fix the vulnerability, and it took them five months to put out this advice? Actually, ICS-CERT put out that...

Why Antivirus is Not Enough

Few things beat patching, yet on industrial control systems patching is often delayed and delayed and delayed until some event forces the owner’s hand. Antivirus is often used as a stop-gap measure to delay patching. This is often not a very good approach....

PNNL Assessment of McAfee Security in ICS

Pacific Northwest National Lab (PNNL) released a report “Technology Security Assessment for Capabilities and Applicability in Energy Sector Industrial Control Systems: McAfee Application Control, Change Control and Integrity Control”. The date...

The Electric Power Plant Tour

Digital Bond has been doing a lot of generation work lately, and I’ve found myself in plant clothes (safety shoes, hard hat, jeans, cotton shirt) more and more often. There has been a lot of interest in the cyber security of generation plants, and not all of it...

Friday News & Notes

Kaspersky’s analysis found that Flame and Stuxnet had code in common according to an article in TPM. “The code in common was used to install and propagate the malware onto computers from an infected USB stick by causing the victim’s computer to “autorun”...

Korenix and ORing Use Crypto™

A client was recently interested in a particular brand of serial port to Ethernet converter. I’ve done my own with socat, and worked professionally on pen-testing an (IMO) excellent secure serial to Ethernet front-end that adds a lot of security and management...

Analysis of Spear Phishing Malware File

The following is a guest post courtesy of Ned Moran of the Shadowserver Foundation. This post is a technical analysis of the malware used in a spear phishing attack targeting those interested in ICS security. Dale was kind enough to share a copy of the spear phishing...