Thomas Rid of King's College has a book out with the provocative title: Cyber War Will Not Take Place. Most of the discussion around this book has focused on the assertion in the title, and we cover this in the last third of the podcast. Thomas stresses words matter...
Phyllis Schneck has been selected to head up the cybersecurity division at the US DHS. Her experience leading InfraGard in its early years should be helpful as it required her to focus on public/private issues and deal with the government bureaucracy. She has some...
Admittedly a trivial post … but what is the proper spelling and usage – cyber security or cybersecurity? I’m going to go back to the classic Military Cryptanalytics by Lambros Callimahos and William Friedman and my early days out of college writing...
Yesterday the White House announced the consideration of incentives in eight different areas to spur the adoption of the developing cybersecurity framework. Here is a quick analysis of the likelihood of each having an impact on changing behavior, ordered in most to...
We put Apa and Hollman's Black Hat paper, Compromising Industrial Facilities From 40 Miles Away, in the Worth Reading list last Friday. Later on Friday Walt Boyes savaged the researchers in a blog entry saying "There's a word for...
The news this week was dominated by the presentations at Black Hat, DEF CON and BSides Las Vegas. Charlie Miller and Chris Valasek got the most attention for their hacking of a Toyota Prius and Ford Escape. Braking, accelerating, moving the steering wheel, all from a...
First we had GLEG developing SCADA exploit packs for Immunity's Canvas. Now ExCraft Labs out of Cyprus is producing the SCADA Pack for Core Impact Pro. It includes 50 exploit modules with about 15 0days. Mostly the usual suspects: WinCC, Cimplicity, Advantech,...
Despite good examples from Google, Microsoft, and others, Bug Bounty programs in SCADA and ICS are very limited. As in nearly non-existent. As in the only one I’ve heard about publicly is IntegraXor’s non-monetary program, which hit mainstream last week. I...
Guest blogger Stephan Beirer is a Senior Information Security Consultant and head of Industrial Control Systems Security at GAI NetConsult GmbH, Berlin/Germany. He is the project editor of TR 27019 at ISO/IEC JTC 1 SC 27 and a domain expert for process control systems...
In a slow summer week, IntegraXor became the first ICS vendor to offer a bug bounty (that we are aware of). The bounty is software licenses, not points … "We do not pay out monetary reward but only pay off I/O point to use our software license." This...