Ross Anderson (past S4 keynoter) and Alex Henney published a paper on the failed economics of the British smart metering project (UK). They contend that when the economic case didn’t work out, the government changed the underlying assumptions until the...
Owners conducting a NERC Cyber Vulnerability Assessment have a requirement to annually verify ports and services. On Windows and Unix-based systems, it is trivial and safe to pull a list of listening ports and the configured services thanks to commands like netstat,...
Industrial Defender announced another industry partnership to provide their security products and services to an ICS vendor — this time with Telvent. As mentioned in an earlier article, the key factor in determining if this is truly pushing security to customers...
Attention to DCS and SCADA security continues to grow in Japan. Here are three notes: 1. IPA, a Japanese organization that works with government and industry, has partnered with ISASecure to bring the ISASecure certification program to Japan. Certification is...
All talk, no action. The various agencies are using only a fraction of the power they have to make a difference in ICS and SCADA cybersecurity. All the potential legislation, executive orders, and political platform stances' only effective purpose is to make people...
So you’ve decided to start a quarterly or bi-annual patch program. You may find yourself thinking: “Do I really need to patch *everything*? What are the highest priority patches that I need to apply for the best risk reduction?” The good news...
The ISA99 Committee created a web page with all the work product in process and links to all of the draft documents. This is fantastic and part of their increased effort to get more people aware of and involved in their activities. Today there are 13 draft documents...
Guest author Andrew Ginter is the Director of Industrial Security at Waterfall Security Solutions, the makers of hardware-enforced unidirectional security gateways. The popular press cites an “alarming” statistic from time to time – the...
ICS-CERT made a fistful of updates yesterday. One of them is over a bag of bugs^Wsecurity concerns first revealed by yours truly. This update is a bit odd for a few reasons. Here is my summary of how it relates to my disclosure: the passwords disclosed by me...
Adding new security systems and making updates to the control system in the name of cyber security tends to have a ripple effect. Operational processes that were once nearly bulletproof have new or unknown steps, recovery efforts that were previously successful...