17 Sep 2013 | 2013
I will be presenting at EnergySec 2013 in Denver this year, and will be at the conference to hear some of the great lineup that the EnergySec crew has put together. The EnergySec organization was originally formed as a loose group of security, response, and...
13 Sep 2013 | 2013
Apologies for the lack of posts and slow approval of comments this week. Most of the team was in a very low bandwidth environment. Tenable Network Security, most famous for Nessus, has released Version 4.0 of the Passive Vulnerability Scanner (PVS). We have always...
6 Sep 2013 | 2013
The US National Science Foundation (NSF) has provided another $1.6M to a university group led by the University of Illinois to detect and prevent attacks on the power grid. The most interesting part is the use of the Bro network security monitor. So Bro should have...
4 Sep 2013 | 2013
Ralph Langner is best known for discovering how Stuxnet actually altered the logic in the Iranian’s S7 PLCs, but he has a history of great research prior to that and is a strategic thinker as well. We gave his last book, Robust Control System Networks, a five...
30 Aug 2013 | 2013
The US Government (NIST) has published A Discussion Draft of the Preliminary Cybersecurity Framework (pdf). This is a key preparatory document to read if you are attending the fourth workshop in Dallas, Texas on Sept 11-13. Patrick Coyle highlighted the US Department...
28 Aug 2013 | 2013
It started innocently enough with a tweet from Joel Langill. MS Warns of Permanent 0Day Exploits for WinXP http://t.co/MAyY7lYyQ8 #SHnews huge impact to legacy #ICS – why you need more than patch mgmt — SCADAhacker (@SCADAhacker) August 26, 2013 and my response:...
23 Aug 2013 | 2013
OSIsoft was a strong and early supporter of the Bandolier Security Audit Files and of providing guidance to their customers on the optimal security configuration for the PI Server. They are now releasing a tool similar to Bandolier that will audit the PI Server security...
22 Aug 2013 | 2013
The GE D20MX RTU is the latest example of a brand new, top of the line ICS field device that can easily be compromised because the ICS protocols it supports are insecure by design. Who cares about security features, and even vulnerabilities, if an attacker can use...
16 Aug 2013 | 2013
The cancellation of the semi-annual conferences has curtailed ICSJWG public/private partnership efforts. Ostensibly this is due to the sequester. ICSJWG is now moving towards a quarterly webinar series on basic ICS security topics. On Oct 28-29 FIRST is holding a...
14 Aug 2013 | 2013
Guest author Robert Huber is a co-founder of Critical Intelligence, a for-profit ICS Cyber Situational Awareness and Threat Intelligence provider. If you look closely at all the banter of information sharing, especially with a focus on the electric sector, you have to...