This morning, at our S4 Conference, Reid Wightman gave a detailed two-hour presentation on the Project Basecamp results. Project Basecamp had six great researchers looking for vulnerabilities in six different PLC’s / field devices, and the PLC’s took a beating. There...
The UK Government Centre for Protection of National Infrastructure (CPNI) published a list of 20 Critical Controls for Cyber Defence in conjunction with SANS. Many in the ICS world don’t follow SANS, so this distribution may reach a broader ICS audience. The...
Industrial Defender recently hired Pike Research to write a research report titled: Convergence in Automation: Systems Protection, Monitoring, Managing, and Securing Control Systems, and it’s available for free with registration on the ID site. There also is a...
Question – Can a PLC or other field device be certified as secure if lack of basic authentication allows an attacker to control a process and compromise the integrity of the PLC? Between Dillon’s S7 work, Ruben’s recent Modicon post and all the...
It’s difficult to find hard data in the ICS security realm, so Industrial Defenders’ recently published survey provides some welcome data points. The survey is officially titled “Managing Automation Systems: Critical Infrastructure Operators’...
Guest author Jason Holcomb is a Digital Bond alumnus who is now a Senior Security Consultant for Lockheed Martin’s Energy and Cyber Services group where he is responsible for providing critical infrastructure security consulting services and integrating ICS security...
Back in September 2011 2010 Ralph Langner had hard evidence that the Stuxnet code was fingerprinting and attacking a specific process in a PLC. After Ralph announced his findings, and we blogged on them extensively, it was weeks before it got seriously picked up...
The Energy Sector Cyber Security Roadmap developed by the US Dept of Energy was well received when it first came out in 2006 and was recently revised. Other sectors saw this and it has led to a Water Sector Roadmap, Chemical Sector Roadmap and various other sector...
ICS-CERT updated their Advisory ICSA-11-094-02A – Advantech/Broadwin WebAccess RPC Vulnerability last week, and inspired us to start our Insecure Products List. The update was short but serious: “Advantech/BroadWin has notified ICS-CERT that a patch will...
A number of related issues brought up at ICSJWG have been floating around my head in the long flight to Asia: market failure, regulation and the public’s right to know. At ICSJWG a friend reminded me that in his S4 keynote Dr. Ross Anderson said that regulation is...
