Redpoint Release: Siemens S7 Enumeration

Redpoint is our internal project to develop NSE scripts for Nmap to identify and enumerate ICS devices. We are releasing some of the more helpful and less intrusive scripts on GitHub. The first was for BACnet devices, and now we have released an NSE script to identify...

S4x14 Video: Poor API’s Lead To Integrator Provided Vulns

Rotem Bar of Limpox Advanced Solutions closed out S4x14 with a look at how integrators can introduce vulnerabilities into an ICS. This point was actually brought out as well by Sistrunk and Crain with the DNP3 vulns. In that case the TMW master station was not...

XP EoL As A Valuable Experience

Let me give you a real world anecdote to provide a little context about my comment to Kelly Jackson Higgins over at Dark Reading that the Windows XP end of life was in many ways a positive experience for ICS organizations that care about security. Last month I had a...

Friday News & Notes

The Crain/Sistrunk disclosed vulnerabilities from fuzzing of master stations have all been related to DNP3 protocol stacks … until today. ICS-CERT announced the first Modbus protocol stack vulnerability from Project Robus. Welcome to the party Modbus. We...

S4x14 Video: Are Risk Based Approaches Bound to Fail?

The Great Debate topic for S4x14 was: Are Risk Based Approaches Bound to Fail in Securing Critical Infrastructure ICS? The idea for the topic was a Bound to Fail paper by Ralph Langner and Perry Pederson for the Brookings Institution. We had Jim Gilsinn of Kenexis and...

Ready For Attack, Sir!

The most frequent question I get from reporters is “why haven’t we seen more security incidents in ICS”? It is now common knowledge that ICS are vulnerable, and eventually we will get the message out that they are, in fact, insecure by design. Why...

Last Chance for the EnergySec and Digital Bond Training

Friendly reminder that there are a few seats still available for the CIPv5 Foundations course partnered with Digital Bond’s Cyber Security for Generation (click link for more details). This two day course starts with the NERC CIPv5 Foundations course offered by...

Friday News & Notes

Have a great research idea for “Automatic Detection and Patching of Embedded Systems”? Take a look at the DHS pre-solicitation notice announcement for funding under the Small Business Innovation Research (SBIR) program. There is a heavy Internet of...

XP EoL: Little Impact to ICS Security

All the fuss and tension over the security impact of Windows XP reaching its end of life next week is wildly overblown for the ICS community. Yes there still are a lot of asset owners running Windows XP in their ICS environment. And yes, many of these asset owners are...

S4x14 Session: You Name It; We Analyze It

Jim Gilsinn and Bryan Singer of Kenexis Consulting Corporation had a quick 12-slide/15-minute session on analyzing ICS protocols. Good information on the what and why of pub/sub in these protocols, as well as some protocol plots showing some of the challenges of...