Back in June, Honeywell’s Safety Manager was the first product to achieve ISASecure’s Embedded Device Security Assurance (EDSA) certification. It was certified to meet Level 1, the basic level. Level 1 is a significant accomplishment most PLCs and...
ICS-CERT may be relieved the spotlight has been focusing on Siemens as their performance and information provided in the Stuxnet and Beresford vulnerabilities has been consistently late and of little or no added value. This makes no sense given the quantity and...
Dillon Beresford of NSS Labs finally went on stage to discuss the multiple vulnerabilities he has found in the Siemens S7 PLCs. In Part 1 of the report, I’ll go into the details of the attacks as I understand them. Note that Siemens customers are still...
While significant progress has been made in securing ICS workstation and server components over the last ten years, almost no progress has been made in securing PLCs and other field devices. Now with researchers / hackers of all hat colors, as well as more...
My point: we have multiple Siemens vulnerabilities affecting multiple Siemens products and little clarity from ICS-CERT or Siemens on the totality of the vulns, the impact or the affected products — or what is queued up and ready to come next as soon as...
Digital Bond released a high interaction / very realistic SCADA Honeynet a few years back. Actually a better name would be a PLC Honeynet because it appeared to be a Modicon PLC. It has a points list with realistic values from an actual PLC that can be accessed via...
Industrial Defender, an ICS security products and services vendor, issued a press release announcing three new security services for power plants: Monitor, Manage and Protect. What is novel about the offering is the pricing model. Pricing is based on the megawatts of...
Michael Toecker started an interesting, if slightly disingenuous, thread on control.com. He asks for approaches to the following problem: You’ve been experiencing periodic failures of equipment that is important in the reliable and successful completion of your...
I have yet to meet anyone, who is not on the NERC payroll, who believes that the CIP standards are resulting in anything close to effective and efficient improvement in the bulk electric system’s security posture. (Even ex-NERC and regional entity employees who...
Yesterday Dillon Beresford announced and ICS-CERT confirmed that the Siemens S7-200, S7-300 and S7-400 families of PLCs suffered from the same replay vulnerability as the S7-1200. Siemens had not announced this even though they have had the information...