News on CIPv5, for Generation

It was a busy week for NERC CIP last week, where comments in the Notice of Proposed Rulemaking (NOPR) from FERC indicate that CIP Version 5 will be approved. CIPv5, and the potential successive versions suggested by NOPR language, are going to have a heavy impact on...

Mining Malware – Part I

I first found out about Stuxnet from this post on the WildersSecurity forum, and not through any of the other channels frequently mentioned. It was early July 2010 when I saw the post, and I immediately started pulling whatever information I could get. It wasn’t...

Friday News & Notes

Siemens had a webinar and put out more information on the security features integrated into the S7-1500 PLC. The features offer some important integrity protection if the Siemens development team implemented them properly. The videos on the site are high level only so...

More Granularity on Security Patching Strategy

Eric Byres recently published a 4-part series on security patching for ICS. While I have a few minor disagreements with it and the emphasis/approach, it’s a good primer and important for those who are new to the ICS security space. Owner/operators are struggling...

Well, We’ve Got A Change Control Program

Because NERC CIP is the regulatory force for cyber security in the electric sector, I tend to do a lot of work with clients on how best to implement the various technical and administrative requirements. CIP-003-3 R6 requires that owners establish and document a...

Friday News and Notes

Hugo Teso of n.runs had a detailed presentation on aircraft communications and systems and how to hack them at Hack-In-The-Box Amsterdam. Aviation companies were quick to disagree with Teso’s contentions. Outside our area of expertise so we can’t comment...

First Post

I am excited to announce that I have started working at Digital Bond. I have a bachelor’s degree in Computer Science from Southern Illinois University – Carbondale. Before joining Digital Bond I worked at the Tennessee Valley Authority for over 6 years. In that time I...

NERC CIP Version 5 – Part Four: Where To Go From Here

Chris Jager is a freelance security consultant who is always looking for interesting projects related to NERC CIP or ICS cybersecurity. In this four-part guest post series, he goes over changes to the NERC CIP standards and challenges facing the industry as they...

Opportunity From XP’s Demise

In one year, April 9th, 2014, Windows XP is at End of Support, meaning that no new updates, security patches, or technical assistance will be available from Microsoft. Ever. If you are a responsible automation vendor, you’ve made plans to get your products...

Part 3 – NERC CIP V5 – Scope and Flaws

Chris Jager is a freelance security consultant who is always looking for interesting projects related to NERC CIP or ICS cybersecurity. In this four-part guest post series, he goes over changes to the NERC CIP standards and challenges facing the industry as they...