2 Nov 2012 | 2012
A light week of news with most of the US attention deservedly focused on dealing with and recovering from Sandy. SANS highlighted a new international Consortium for Cybersecurity Action (CCA). It’s largely based around the top ten / top twenty security controls...
2 Nov 2012 | 2012
ICS-CERT issued an advisory today, C3-ILEX EOSCADA Multiple Vulnerabilities, based on Digital Bond information. I’ll tell you a bit more of the interesting story and technical details. We found these vulnerabilities on a client assessment in October 2010. They...
1 Nov 2012 | 2012
I had an opportunity to meet with much of the Japanese Control System Security Center (CSSC) team on Tuesday. They are impressively moving out fast on their efforts to build and educate the ICS security community in Japan. The CSSC was established in March of 2012,...
26 Oct 2012 | 2012
The US Dept of Homeland Security had another reorganization. The Control Systems Security Program is now under the National Cybersecurity and Communications Integration Center (NCIC). This was new to me, Justin Searle of UtiliSec has a two-day course Pentesting Smart...
25 Oct 2012 | 2012
Reid Wightman provided one last set of Project Basecamp tools before leaving for IOActive. This latest release is two tools for PLCs running the CoDeSys ladder logic runtime, which is a list of 261 vendors. codesys-shell.py: just like it sounds, you get the...
23 Oct 2012 | 2012
I have a problem with field security devices. Well, not really A problem, but multiple problems. 1. Avoiding The Root Cause of Insecurity There is a tendency in the ICS community, and even among those considered ICS security gurus, to promote building higher walls...
19 Oct 2012 | 2012
The ICSJWG meeting was this past week in Denver, and the schedule was packed with great presentations, and speakers with a wealth of experience to share with the ICS community. There was a significant bump in attendance this time around. Attendees were from a...
19 Oct 2012 | 2012
REMINDER – S4 General Registration Opens on October 24th. See The Agenda Here. Kaspersky’s announcement of a new secure SCADA OS was the buzz story of the week. It’s an ambitious effort with low likelihood of impact on SCADA and DCS for a variety of...
12 Oct 2012 | 2012
Emerson announced that DeltaV DCS deployments will support virtualization in April 2013. They also highlighted the “Smart Firewall”, which sounds very similar to the Honeywell CF9 approach. Basically block everything but DeltaV required protocols out of...
10 Oct 2012 | 2012
Yes, it’s a new podcast. The Unsolicited Response podcast will be similar to This Month In Control System Security podcast in format and content, but I have given up the idea of doing it on a regular schedule. The inaugural episode is an interview with Brian...