Sergey Gordeychik of Positive Technologies presents in 45 minutes a large number of vulnerabilities in WinCC at S4x13 — yes the WinCC of Stuxnet fame. There are also some findings on the S7 PLC’s. The work is part of the impressive SCADA Strangelove...
EnergySec experienced an unhappy holiday season last December as a significant number of the employees were let go, reduced their hours, deferred pay or shifted to unpaid volunteer status. These were people at all levels of the organization from the CEO, who included...
Chris Jager is a freelance security consultant who is always looking for interesting projects related to NERC CIP or ICS cybersecurity. In this four-part guest post series, he’ll go over changes to the NERC CIP standards and challenges facing the industry as they...
Kelly Jackson Higgins has a Worth Reading article on ICS-CERT. The common line of defense of ICS-CERT is a CERT only does coordination, and we should not expect more. I’m glad that Kelly included ICS-CERT’s mission verbatim in the article. What really has...
There are a number of very good general ICS security courses available, such as Red Tiger, SCADAhacker, UtiliSec or the INL courses. We thought we would try a course aimed at a specific type of control system with the hope of providing more tailored, understandable...
Loyal blog readers probably have figured out that I have tremendous respect for Ralph Langner. We have had the opportunity to discuss ICS security issues at S4 and via email for years, and in recent years find ways to go hiking (true SCADA Security Summits) and...
I’m often asked by reporters if ICS are so insecure why there have been no dramatic and devastating impacts of ICS cyber attacks. The only answer I have is that the consequences to the attacker if they are caught have exceeded the reason or motive up...
Information sharing is a key component of President Obama’s Executive Order with emphasis on sharing information on threats and incidents. With the current insecure state of ICS, the value of this information is limited to the question IF we should start to...
The DHS Office of Inspector General released the report DHS Can Make Improvements To Secure Industrial Control Systems on Valentines Day. After US Defense Secretary Leon Panetta recently focused on critical infrastructure attacks in his “Cyber Pearl...
DHS ICSJWG is starting a new Standards subgroup “to identify current industrial control systems security standards that exist, assess and evaluate a relevant set of baseline control systems standard requirements, and create and maintain a catalog of timely...
