Rob Lee, Mike Assante and Tim Conway released their analysis of the cyber attack on a Ukrainian power distribution system. It’s good work as expected from that crew, but they state “This report does not focus on attribution of the attack.” Their...
There are so many great examples and lessons to be learned from the cyber attack that caused the Ukrainian power outage on December 23rd. Kim Zetter of Wired has one of the best articles on this if you want the public version of the full story to date. The remote...
My last two articles covered the negligible risk reduction of applying security patches to Insecure By Design Devices and the minimal risk reduction of applying security patches to Insecure By Design Zones. The good news is eliminating this activity gives you and your...
My last article made the case that there is only trivial risk reduction in applying security patches to Insecure By Design applications and devices. Now consider the actual risk reduction achieved by patching computers in Insecure By Design Zones. An Insecure By...
At S4xJapan, we presented a small internal research project on DNS squatting. The topic has been refreshed in my mind because of a recent Cylance report on Japanese critical infrastructure being breached by watering hole attacks (see their SPEAR team report on the...
This was the topic of my talk at the SANS ICS Security Summit in Orlando. Take a look at the presentation below, and I’ll write a few posts to give context to the key points. (Presentation: Should I Patch My ICS? from Digital Bond.) Most asset owner ICS Security Programs are...
It’s true. We finally listened to loyal readers and S4 attendees and are bringing the event to Europe. S4xEurope will be June 9-10 in Vienna, Austria at the Grand Hotel Wien. We may have some training courses on June 8th if you have any ideas. It’s a...
There are two things that I hate in the world this morning: the term ‘IoT’, and the fact that ICS slave devices are the ones which run server software. Sometimes, two bad thoughts do make a good one. This morning is one of those times. A common...
300 of the best and brightest in ICS Cyber Security from around the world were in Miami South Beach last week for Digital Bond’s S4x16. And the social events and structure of S4x16 gave ample time and fun opportunities to establish and grow the relationships so...
Trying to make this easy for people at S4x16 or lurking on the Internet. Here are the links for the input we are seeking. Thursday Flash Panel: We will select the panelists and the questions based on your nominations and votes. Link to Nominate and Vote on the...