Eric Byres disagrees with my NOW! presentation and disappointment that he went the SCADA Apologist route. Check his article and comments on it out. Below was my clarification and reply on his site: Hi Eric, You summarize the disagreement fairly, and in a civil way,...
When Reid Wightman was still at Digital Bond in 2012 we discussed how to follow up Project Basecamp. The idea was to give field firewalls a hard shake. Fortunately he was able to continue the work and present at S4 after moving to IOActive. I have a lot to say about...
The theme of S4x13 was NOW! The first video released is my 10-minute introduction to the conference theme and the mission that ICS security experts must stop being SCADA Apologists. Rather than try to repeat the whole presentation in text, just watch the short video....
(Note – we started the post S4x13 coverage with this presentation since Nicole Perlroth of the NY Times has an online and print article on this today) The most important lesson to learn from the S4 ICS Spear Phishing presentation is it demonstrates that...
S4x13 generated a lot of news and was great fun this week. Amazing hanging out with so many smart and interesting people in ICSsec. I’ve got a ton of notes and interesting items for articles next week. And we will start posting the videos on the S4x13 Vimeo...
Guest author Patrick Coyle covers Chemical Sector security, cybersecurity legislation and ICS security on his Chemical Facility Security News. Last month the American Chemistry Council announced that it had, in conjunction with the Infrastructure Security Compliance...
Patrick Coyle’s Chemical Facility Security News site has started the 113th Congress Legislation page for cyber security legislation with emphasis on ICS. He has the go to site for US legislation news and analysis. Was Stuxnet “a prohibited use of...
Last week’s article in the New York Times is highlighting an issue most IT and ICS professionals have known for a while: Anti-Virus sucks. Anti-Virus rarely works against new threats, detection mechanisms can be easily fooled, and as this paper by Feng...
The CFR watering hole attack got most of the news, but yesterday Computerworld reported that Capstone Turbine Corporation had a similar compromise on their website since Dec 18th. Many owner/operators still directly access their trusted ICS vendor websites from their...
Jake Brodsky and Joel Langill had comments in a blog post late last year, CoDeSys IDS Signatures Easily Avoided, stating that is unfair or wrong to focus on an insecure by design PLC issue. They believe we should be focusing on the overall system security and insuring...
