Trying a new, blunt method of communication because numerous blog entries, presentations and papers just aren’t getting through. Please read and reread the following paragraph: If you have network access to almost any PLC, RTU or other type of field device, then...
The Senate Committee on Homeland Security & Government Affairs held a hearing on the recent White House legislative proposal on Cybersecurity. Pay attention to this as it would have a big impact on the most critical infrastructure, and there have been efforts to...
Yesterday Dillon Beresford cancelled his talk and demonstration titled Chain Reaction: Hacking SCADA at the Takedown event after a discussion with DHS and Siemens. Wired has an article with the details which includes the Beresford quotes “Based on my own understanding...
Last week President Obama provided a legislative proposal on cybersecurity with a potentially large impact on the ICS community. Actually it is a number of legislative proposals in a single document. A portion of it covers government “evaluation” of...
We have been early and big fans of SCADA virtualization for servers and workstations. Not for the server consolidation benefits that drive most IT virtualization projects. Control systems have a surprisingly small number of servers and workstations so...
The semi-annual Industrial Control System Joint Working Group Conference is traditionally the best place to catch up with everyone in the ICS Security community. DHS puts on a solid program, and there is a certain feeling you need to be here even though there have...
The mass of vulnerabilities and related proof-of-concept exploit code released by Luigi Auriemma was a new event and test for the ICS world. Let’s take a look at the progress one month later – and it is good news. Siemens First, my prediction that...
Statements by DHS Secretary Janet Napolitano just knocked me off my 12-step program to stop Stuxnet blogging. She was quoted in a Computer World article saying: “The key thing we learnt from Stuxnet was the need for rapid response across the private...
The ICS Security Community had an interesting event, or perhaps a test, this weekend with the false report of an FPL Wind Farm in New Mexico being hacked. So far we know of similar, but not identical, emails providing details of the hack hoax being sent to three...
The Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) is an academic research effort led by the University of Illinois and funded by the US Department of Energy and DHS. And at almost $19M for five years, it is not a small effort. Even prior to this...