Our weekly update on what’s new with S4x14 in the past week. Check out the agenda and register before the event sells out. Mobile App This year we will have a mobile app for S4x14 that will include the schedule, speakers, white papers, presentations, area info,...
Today I’ll be on the SCADA panel as part of pauldotcom’s 350th episode. View it live at 11:30 EDT or listen to the recorded podcast later. Other panelists are Joel Langill, Patrick Miller and Justin Searle. If you are interested in the latest on the...
The US District Court for the State of Idaho ruled that an ICS product developer’s computer could be seized without him being notified or even heard from in court primarily because he states on his web site “we like hacking things and don’t want to...
On most Mondays we will provide an update on what is new with S4x14 week. Check out the agenda and register to guarantee your spot. News on Crain/Sistrunk Session You probably saw the Wired and New York Times article on Adam Crain and Chris Sistrunk’s research...
Check it out. The agenda and registration site for 2014 edition of Digital Bond’s S4 is now up. It is now a four day event running January 14th to 17th in Miami Beach. Wednesday / Thursday is the traditional S4 event. Very technical, bleeding edge offensive and...
ICS vulnerabilities are easy to find and often not even necessary because the ICS applications and protocols are insecure by design. So why are the vulnerabilities that Adam Crain and Chris Sistrunk found in DNP3 protocol stacks such a big deal? Three reasons why I...
GE announced the Industrial Internet. It’s a broad, marketing announcement but here is a taste for loyal blog readers – “GE’s Grid IQ SaaS allows utilities to monitor, manage and control their grid more intelligently without worrying about...
This post is part of a coordinated series of blog posts examining the details of version 5 of the NERC Critical Infrastructure Protection (CIP) standards. These posts, written by various individuals having direct experience with these standards, will point out...
This post is part of a coordinated series of blog posts examining the details of version 5 of the NERC Critical Infrastructure Protection (CIP) standards. These posts, written by various individuals having direct experience with these standards, will point out...
This is the S4x13 lost episode. Somehow I erred in not processing and posting it, and only realized it while looking for similar sessions on vendor Security Development Lifecycle (SDL) successes and lessons learned. Apologies to Anthony and Akshay for my delay in...
