Value, Risk, and Patch Testing Services

For a bit of history that we all know, ICS wasn’t originally built to be patched and updated on a regular basis. In an automation world that demanded static systems that could perform their function day after day with limited intervention, this wasn’t...

Friday News & Notes

A NATO research team of experts has determined that Stuxnet was an act of war. “Acts that kill or injure persons or destroy or damage objects are unambiguously uses of force.” The use of force is only allowed in self-defense. Want to weigh in on how government...

S4x13: Calculating Risk Scores For RTU’s

We added some brief, 15-minute sessions to S4x13, and Chris Sistrunk of Entergy briefly describes how they calculated the risk of each RTU in their system. They calculate the probability of compromise/failure based on the vendor/model, considering items like the age...

Part 2 – NERC CIP Version 5 – Threat Landscape Alignment

Chris Jager is a freelance security consultant who is always looking for interesting projects related to NERC CIP or ICS cybersecurity. In this four-part guest post series, he goes over changes to the NERC CIP standards and challenges facing the industry as they...

Friday News & Notes

We have put up a Vimeo Portfolio that includes the ten S4x13 videos released to date. There are still a few more to come. You can always find the link to the S4x13 and S4 2012 video portfolios in the right column of the digitalbond.com home page. The US Dept of Energy...

S4x13 Video: WinCC Under X-Rays by Sergey Gordeychik

In a 45-minute S4x13 session, Sergey Gordeychik of Positive Technologies presents a large number of vulnerabilities in WinCC — yes, the WinCC of Stuxnet fame. There are also some findings on the S7 PLCs. The work is part of the impressive SCADA Strangelove...

Disconnect: Defunding EnergySec/NESCO & Promoting Info Sharing

EnergySec experienced an unhappy holiday season last December as a significant number of the employees were let go, reduced their hours, deferred pay or shifted to unpaid volunteer status. These were people at all levels of the organization from the CEO, who included...

NERC CIP Version 5 Background

Chris Jager is a freelance security consultant who is always looking for interesting projects related to NERC CIP or ICS cybersecurity. In this four-part guest post series, he’ll go over changes to the NERC CIP standards and challenges facing the industry as they...

Friday News & Notes

Kelly Jackson Higgins has a Worth Reading article on ICS-CERT. The common line of defense of ICS-CERT is a CERT only does coordination, and we should not expect more. I’m glad that Kelly included ICS-CERT’s mission verbatim in the article. What really has...

Training: Cyber Security for Power Generation

There are a number of very good general ICS security courses available, such as Red Tiger, SCADAhacker, UtiliSec or the INL courses. We thought we would try a course aimed at a specific type of control system with the hope of providing more tailored, understandable...