Cloudy With A Chance Of Craptacular

Guest author Darren Highfill is the Founder and a Managing Partner of UtiliSec, a consultancy focused on electric power cyber security. Darren has been at the forefront of efforts to secure the smart grid since long before the phrase was coined. Clouds. They...

Friday News & Notes

The US Securities and Exchange Commission (SEC) is starting to crack down on cyber incident and cyber risk disclosures. They recently sent letters to six companies, including Eastman Chemical, asking for more information. This is the type of activity that gets C-level...

Security Updates in a 1-Way ICS?

The good security practice for getting security updates to an ICS is well understood. A server on the SCADA or DCS network pulls the security updates from the ICS DMZ. The ICS DMZ pulls them from the corporate network, which pulls them from the Internet. You will see...

India, Cybersecurity, and the 2012 Blackout

On July 30th, 2012, the northern region of India had its worst blackout in history, and then again the next day. By number of customers affected, it dwarfed the 2003 Northeast Blackout by ~570 million people. In response, the Indian government created a four-person...

Aramco and ICS Isolation

Saudi Aramco admitted that about 30,000 computers had been infected with malware known as Shamoon. They were quick to point out that “its primary enterprise systems of hydrocarbon exploration and production were unaffected as they operate on isolated network...

Friday News & Notes

The LOGIIC (Linking Oil & Gas Industry to Improve Cybersecurity) won the U.S. DHS Science & Technology Directorate Under Secretary’s Award for Outstanding Collaboration in Science and Technology. According to Automation.com “the award is...

ISASecure – Promising Yet Misleading

ISA announced yesterday that the Honeywell Process Solution’s Experion DCS controller and Experion Field Integration Module (FIM) have achieved ISASecure Embedded Device Security Assurance certification. This is good news that the ISASecure certification is...

More RuggedCom Woes

Justin Clarke and ICS-CERT unveiled another vulnerability in RuggedCom devices yesterday. This time, Justin took a different track with the device firmware and showed that all products use the same SSL private key, hard-coded in the firmware. This is fairly...

Suits & Spooks vs. Engineers

I agreed to speak at Jeffrey Carr’s Suits and Spooks in Boston on October 18th. The theme of this edition is Offensive Tactics Against Critical Infrastructure, and my sector to attack is electric. I’ll be showing how an adversary would compromise...

Nessus for ICS Training

If you are attending the EnergySec Summit, Sep 25 – 27 in Portland, or if you are in the area, learn how to best use Nessus with your SCADA or DCS at our half-day training course on the 25th. Space is limited to 20 students so register soon. Most people download...