For the second week we have a story that dwarfed all others and led to a flurry of mainstream press interest — of course it is Mandiant’s Whitepaper on APT1. The related inside-baseball story I’m waiting for is how much all of this has been...
A lot of Digital Bond readers are not electric power professionals, so I figured some 101 on the electricity sector might be appropriate. One of the more fascinating, and least understood even by power professionals, aspects of electric power is the electric power...
The Journal of Strategic Studies published my article Offensive Cyber Weapons: Construction, Development and Employment, and it is now available for free download. Thanks to Thomas Rid for inviting me to write this and organizing the five articles on this topic. I had...
Of course the big story was President Obama’s Executive Order Improving Critical Infrastructure Cyber Security with the key elements being information sharing and the development of the cybersecurity framework. The biggest potential impact is a possible...
I presented “You Have No Integrity” today at the SANS SCADA Security Summit in Orlando, Florida. The presentation included numerous examples on how ICS lack integrity — if you can get to the ICS it is game over because source and data authentication...
After the S4 conference, I attended the RFCat class taught by atlas 0f d00m(@at1as on twitter). The RFCat is a combination of hardware and software used to explore the 300-928 Mhz radio spectrum. It’s not SDR, but it’s LIKE SDR. The intent, and...
Yes, critical infrastructure and high value ICS need to upgrade or replace their insecure by design PLC’s and other field devices now. As stated in an earlier article, this is likely a 1 to 3 year effort, and some systems may take longer. The key is to begin the...
I’ll be at the SANS SCADA Security Summit next Monday – Wednesday. On Wednesday I’ll be presenting, “You Have No Integrity” with numerous technical and ethical examples. Say hi or throw tomatoes if you are there. The National Association...
Responding to cyber vulnerabilities as a vendor is a lot like responding to diaper issues. No matter what, you are going to handle a lot of crap from both ends. As a vendor, all you want to do is clean it up, and move on with operation. But just like diapers, doing it...
The team at SCADA Strangelove has added the ability to crack Siemens S7 passwords to the John the Ripper tool. And the team at Drainware released Siemens S7 discovery scripts for nmap. The Washington Post reports that the US military will increase its cybersecurity...
