S4x14: HART As An Attack Vector

This excellent session by Alexander Bolshev (@dark_k3y) was a very pleasant surprise, and it’s a bit frustrating that it is one of the three lost S4x14 videos. We were concerned that it would be a bit S4x13 / insecure by design / low hanging fruit, but HART has...

Friday News & Notes

Next week look for our announcement of S4xJapan. Dates are set; venues are booked; and we have a great plan to make this a first of its kind event in Japan. Also, Japanese readers should check out digitalbond.jp. We finally found some quality translators fluent in...

CIPC Meeting, St. Louis – Part 2

Yesterday’s post on the CIPC meeting in St. Louis got a little long, thanks to exposition from me regarding the ES-ISAC. If you find yourself wondering what I’m talking about, take a look at the post. Onward… NERC staff also discussed the kickoff...

CIPC Meeting, St. Louis – Part 1

CIPC met this past week in St. Louis, with a good agenda of cyber, physical, and compliance items. A bit of background for non-CIP folks: CIPC stands for Critical Infrastructure Protection Committee, an advisory panel to NERC and the ES-ISAC “in the...

S4x14 Presentation: PLC Code Protection

We lost three S4x14 videos due to technical difficulties at the end of the day on Wednesday. One of them was a great session from Stephen Dunlap and Jonathan Butts of the Air Force Institute of Technology entitled PLC Code Protection. The presentation slides from that...

DNP3 User Group Politics

It is close to a universal truth that vendors in all industries do not handle their first vulnerability disclosure incident well. We now know the same is true of User Groups with the DNP3 User Group as an example. The widespread DNP3 implementation vulnerabilities...

Friday News & Notes

Sean McBride of Critical Intelligence asserted at an RSA session it was a contractor named NEDA that introduced Stuxnet into Natanz. Mark Clayton broke the news in this article, and here is a link to Sean’s RSA slides. Industrial Defender announced ASM support...

Certifications, Frameworks & Mud-Slinging

Last week there was an entertaining SCADASEC thread on the new SANS/GIAC Global Industrial Cyber Security Professional (GICSP) certification. To get your GICSP you take the 5-day SANS Course ICS410: ICS/SCADA Security Essentials and then get 69% or better on the...

S4x14: Bryan Owen’s 15 in 15

Bryan Owen and OSIsoft have been supporters of ICS security research for almost a decade now. And Bryan had another interesting and pithy 15-minute session at S4x14. He covers 15 cyber incidents from around the world that affected their products and company …...