I attended my first ICSJWG since 2011 last week in Indianapolis. It was an ok event with some interesting talks and a chance to reconnect with familiar faces in the ICS industry. It is however a far cry from the must attend DHS event back when it was called PCSF. I...
I had finished my presentation on a wide variety of topics Big Data / Cloud Computing / Internet of Things / ICS remote access, and the Q&A had started. After stressing in the presentation that ICS data can be shared anywhere without jeopardizing the integrity and...
I’m very pleased to announce Reid Wightman is returning to Digital Bond after a couple of years at IOActive. Reid will be leading a new division, Digital Bond Labs. He will write soon on what Labs is and what it will do, but let me talk about the reason we...
Dark Reading reports this week on Bitsight Technologies security ratings for the utility industry. Bitsight scored the sector as second highest in security posture, with the financial industry rated first. This scoring is primarily based on the corporate network, not...
The idea of ICS security metrics is popular, but actual measurable metrics are rare. The ISA99 committee is tackling this hard problem with Technical Report 62443-1-3 System Security Conformance Metrics, now out for ballot. Section 4.2 Metrics Development Checklist is...
Positive Hack Days in Moscow had a cool Critical Infrastructure Attack contest. “The contest’s participants will have to deal with a thermal power station, transport and city illumination systems and also with cranes and industrial robots.” Looking...
The January – April 2014 edition of the ICS-CERT Monitor was chock full of interesting facts and factoids. Here is what caught my eye. Internet Accessible Control Systems Facts – Three examples of Internet accessible control systems are described. The...
President Obama tasked NIST with creating a Cybersecurity Framework (CSF) to help secure the critical infrastructure. NIST released Version 1.0 of the CSF on February 12th. We have had a chance to dig into the CSF and even use it in a few consulting engagements, so...
Tofino’s response to Windows XP end of life reminds me of Maslow’s Hammer: “I suppose it is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail.” These industrial firewalls have their place, and we have...
Digital Bond is bringing S4 to Tokyo this October, and we are looking for excellent sessions for the two-day event. The event will be held in English and Japanese with simultaneous translation as appropriate. We welcome your session proposals in English or Japanese as...
