Siemens Starts To Step Up To Address Stuxnet

Siemens and McAfee announced today that McAfee’s Application Control whitelisting product has been tested or modified to work with a variety of Siemens PC-based products that were compromised by Stuxnet. (HT: Smart Grid Security Blog) We have been very critical...

Ambition and Refresh

I’m seeing two trends in the anecdotal evidence collected in 2011 while on-site with asset owners, primarily pipeline SCADA and power plant DCS: ambition in the security program and attention to reasonable computer and network equipment lifetimes. While the...

Transpara Visual KPI for ICS Data on Smart Phones

The preponderance of ICS security professionals recoil at the concept of smart phones having any role in SCADA or DCS. As covered in an early blog entry, there is a big difference between using smart phones for control and using them to view data that has been...

Boredom / Not Better Limiting Vuln Response Bashing

I was taken to task in a conversation at the OSIsoft User Conference – why didn’t Digital Bond and others rip into the vendors and ICS-CERT over the response to Luigi and other SCADA security vulnerabilities as in times past? He went on to explain...

OSIsoft User Conference News & Notes

The OSIsoft User Conference was bulging at the seams with about 1500 eager attendees, and it seemed like even more. It was a very upbeat group looking for what else they could do with the data they are collecting. User Groups in general are so much more optimistic and...

OSIsoft: No, No, … Yes

I have always been amazed by Pat Kennedy and OSIsoft’s ability to say no and then the implementation skill to make it pay off. With a dominant installed base in the Energy Sector and significant market share in other process related industries, OSIsoft...

Interview with Luigi Auriemma of 34 0day ICS Vulnerabilities

Luigi Auriemma, of yesterday’s 34 0day ICS vulnerabilities, was kind enough to answer some questions we had. I would have preferred a podcast, but neither my Italian nor his English allowed that. I have slightly edited his responses for English/clarity, but...

Smartphone and iPad Access To ICS

The ICS security community is seeing a lot of new products and advertisements offering the ability to monitor and control your process from anywhere with a smartphone or iPad. The trend is almost certainly going to increase with the growing market penetration and...

Another Subcommittee Hearing . . . Yawn

The U.S. House Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies had another panel/hearing on “Examining the Cyber Threat to Critical Infrastructure and the American Economy”. This link has the video of Chairman...

NERC CIP Violations

NERC publishes a monthly Key Compliance Trends presentation that has interesting statistical detail on NERC violations; about half of the violations are CIP. This is actually good, detailed info that someone who is immersed in the NERC CIP could really use to track...