It started innocently enough with a tweet from Joel Langill: “MS Warns of Permanent 0Day Exploits for WinXP http://t.co/MAyY7lYyQ8 #SHnews huge impact to legacy #ICS – why you need more than patch mgmt” — SCADAhacker (@SCADAhacker) August 26, 2013 and my response:...
OSIsoft was a strong and early supporter of the Bandolier Security Audit Files and of providing guidance to their customers on the optimal security configuration for the PI Server. They are now releasing a tool similar to Bandolier that will audit the PI Server security...
The GE D20MX RTU is the latest example of a brand new, top of the line ICS field device that can easily be compromised because the ICS protocols it supports are insecure by design. Who cares about security features, and even vulnerabilities, if an attacker can use...
The cancellation of the semi-annual conferences has curtailed ICSJWG public/private partnership efforts. Ostensibly this is due to the sequester. ICSJWG is now moving towards a quarterly webinar series on basic ICS security topics. On Oct 28-29 FIRST is holding a...
Guest author Robert Huber is a co-founder of Critical Intelligence, a for-profit ICS Cyber Situational Awareness and Threat Intelligence provider. If you look closely at all the banter of information sharing, especially with a focus on the electric sector, you have to...
Thomas Rid of King's College has a book out with the provocative title: Cyber War Will Not Take Place. Most of the discussion around this book has focused on the assertion in the title, and we cover this in the last third of the podcast. Thomas stresses words matter...
Phyllis Schneck has been selected to head up the cybersecurity division at the US DHS. Her experience leading InfraGard in its early years should be helpful as it required her to focus on public/private issues and deal with the government bureaucracy. She has some...
Admittedly a trivial post … but what is the proper spelling and usage – cyber security or cybersecurity? I’m going to go back to the classic Military Cryptanalytics by Lambros Callimahos and William Friedman and my early days out of college writing...
Yesterday the White House announced the consideration of incentives in eight different areas to spur the adoption of the developing cybersecurity framework. Here is a quick analysis of the likelihood of each having an impact on changing behavior, ordered in most to...
We put Apa and Hollman’s Black Hat paper Compromising Industrial Facilities From 40 Miles Away in the Worth Reading last Friday. Later on Friday Walt Boyes savaged the researchers in a blog entry saying “There’s a word for...