Yesterday Siemens announced new vulnerabilities, and importantly security patches to address the vulnerabilities, for their S7-1200 web application. Some credit is due to Siemens for increased transparency in announcing vulnerabilities and speed in which they...
I recorded the first edition of our new podcast Unsolicited Response this week. Some months will have 1, 2 or 3 podcasts; others will have 0. It will be out on Tuesday, and I hope you like it as much as the previous This Month In Control System Security. Justin W....
I’ve been a vocal skeptic on information sharing, particularly the US legislative emphasis on information sharing’s criticality to make progress in ICS and SCADA security. Yesterday provided a lot of ammunition for my argument. All too often programs are...
Last week was EnergySec’s 2012 Symposium. EnergySec is a group with a lot of great energy. The conference was attended by a mix of hackers, former phone phreaks, energy sysadmins, auditors, and executives. The theme this year was, “Stop being...
LAST DAY – Submit your presentation proposal for S4 2013, Jan 16-17 in Miami Beach. Robert O’Harrow of the Washington Post continued his series to make cyber security issues understandable to the average WashPost newspaper reader. This time he covered...
Brian Krebs breaks a big story in the ICS security world — Telvent has been informing customers they have been compromised by the Comment Group. Over the past two decades Telvent has dominated the oil and gas pipeline SCADA market. In recent years they have...
Remember: S4 Call For Papers/Presentations Closes This Friday. September / October is a busy week for ICS security events. Joe Weiss just posted the full agenda for ICS Cyber-Security Conference the week of October 22nd in Norfolk, VA (called WEIScon by many). The week...
Most of the attention, reporting and speculation on Stuxnet perpetrators has been focused on the US and Israel, but what about Siemens and the German Government’s possible role in the Stuxnet story? The Siemens and Iran issue came up last week with the...
ICS released Version 3.0 of The Roadmap To Secure Control Systems in The Transportation Sector. It’s a good primer to transportation sector ICS, which surprisingly includes pipelines. Each sector is defined along with a glossary of key terms. The four goals are...
Ask and ye shall receive. Tenable quietly updated Nessus compliance checks today, adding some fancy new “Open Port” auditing features. Among other things, new rules mean that your audit files can now check for a list of allowed and denied ports, as well...