Friday News and Notes

Black Hat and DEF CON are over, and vendors are breathing sighs of relief (or digging trenches). Let’s look at this week’s top news, according to us. In the database world, we have two stories (a fail and a win): – Oracle’s CSO floated a vaguely threatening...

More OT is Mission Critical IT

I’d encourage loyal readers to check out the comments on the recent OT is Mission Critical IT article. Some are better written than my original article and others highlight the problem. Jake writes: Most IT departments would take “mission critical” to mean do...

OT Is Mission Critical IT

The Tripwire team asked a number of people for 100 words on the following questions: How does the IoT change the dynamics between IT and OT? What practical tips can you provide for working together effectively? You can read the full set of responses in this...

CVSS for ICS

A failing grade: When reading CERT advisories in the ICS space, I used to skim to the CVSS score as a quick way to assess what the vuln was. I rarely like what I see when I think about the actual vulnerability to which the score is applied. CVSS, or the Common...

SHAKACON Day 2 & Go/No Go

SHAKACON was a well-run and friendly conference with about 300 attendees and high-quality talks over 2 days. If you are thinking about it for 2016: GO – If you live in Hawaii. This is a no-brainer. The opportunity to go to Hawaii draws better speakers than you...

SHAKACON Day 1

Three sessions at Day 1 of SHAKACON in Honolulu were noteworthy for the ICSsec community. Charlie Miller and Chris Valasek on Auto Hacking: The big session from this team will be at Black Hat, where they will unveil and demo their ability to remotely control cars, most...

Black Hat Sessions and (Dutch) Infrastructure

The Sessions: Digital Bond Labs appeared at Black Hat Sessions in Ede, Netherlands. We gave a talk on vulnerability inheritance in PLCs, and also discussed some of the challenges associated with removing vulnerable internet-connected control systems from their...

canbus-utils release v0.2.0

Greetings. Quick post to announce an updated release for the Digital Bond Labs CANBus utilities repository. This release features the addition of a simple fuzzer to the toolkit. The fuzzer has two modes. The first mode (default with no options) is to send random data...

S4x16 Call For Presentations

We have opened the S4x16 Call For Presentations on the event website. Since 2007 S4 has been the place to show your ICS Security research to an advanced audience that will get it. In recent years we have added Operations Technology (OT) and ICS Cyber Weapons...

Book Review: There Will Be Cyberwar

There Will Be Cyberwar: How The Move To Network-Centric War Fighting Has Set The Stage For Cyberwar, by Richard Stiennon. Read this book if you are looking for a summary of the attacks and cyber incidents that have occurred over the past 20 years in government,...