RuggedCom was first contacted by Justin Clarke in April 2011 concerning backdoor access to their switches and serial converters. Late on Friday, they announced that they would remove the account from their devices, and that the change would only take a few...
The big story of the week was Justin W. Clarke’s disclosure of an undocumented, remotely accessible backdoor to selected Ruggedcom equipment. But there were other stories. We could link to a wide variety of articles on the US cybersecurity legislative efforts,...
I’m continuing my review of the NERC CIP V5 standard updates, and discussing what good/bad things I find on DigitalBond.com. This week’s focus are Protected Cyber Assets. According to the glossary, a Protected Cyber Asset is: A Cyber Asset connected using...
Last week I wrote about a dream panel of witnesses for the US House of Representatives Committee on Homeland Security hearing titled: America is Under Cyber Attack: Why Urgent Action is Needed. Here is the actual and predictable list: Mr. Shawn HenryFormer Executive...
Maybe Not UPDATE – The vulnerability was found by Justin W. Clarke, an independent security researcher in San Francisco, California. We don’t cover most of the ICS vulnerabilities on this site, but the Ruggedcom Undocumented Backdoor Access is a...
A few months back, security researcher Justin Engler (@JustinEngler) introduced me to a neat toy: the USB Rubber Duck. The Duck is a USB thumb-drive lookalike with a secret — the hardware is really a microcontroller with a microSD Card interface. The...
Lots of action and disagreement on cybersecurity legislation in the US Government. One of the main ICS security partisan divides is around regulation of the privately owned critical infrastructure. This week the White House chimed in: “National Security...
Next Tuesday the US House of Representatives Committee on Homeland Security will have a hearing titled: America is Under Cyber Attack: Why Urgent Action is Needed. The panel who will provide testimony and answer questions has not been announced. If it follows typical...
I’ve been doing a lot of work that involves the CIP vulnerability assessment process recently, namely while developing the Bandolier R8 Audit Files, and another more comprehensive file set that haven’t been released yet. This week, I had the opportunity...
The latest Version 5 of the NERC CIP standards is now open for comment through May 21st. Version 5 adds CIP-010: Configuration Management and Vulnerability Assessments and CIP-011: Information Protection to the existing CIP-002 to CIP-009. The NERC presentation on...
