Zigbee in Smart Grid – The Fuse Is Lit

A press release from Ember announced that the company had record revenues in 2010 and shipped 10 million Zigbee chips last year. From the press release: Ember’s strong growth was fueled by smart meter deployments worldwide, where Ember’s ZigBee chips...

Managing and Controlling External Devices

One of the many things I noticed at a plant is that there are no security controls to prevent unauthorized devices from being connected to the control system servers and workstations. This had me thinking about the Data Loss Prevention (DLP)...

MS Attack Surface Analyzer: A Deeper Look

In my first post on the Attack Surface Analyzer, we looked at the basic function and how it fits into the SDL. For this post, we’ll take a deeper look at some of the information the tool provides and a bit about the process used to get that information. As I...

ICS Vendor Security Strategies – Security Development Lifecycle

A major difference in ICS vendors’ security strategies is how much effort they put into security throughout the product lifecycle, or their Security Development Lifecycle (SDL). Put another way, how secure is their own code from common programming mistakes that...

Believe It or Not: Stuxnet Advisories Are Lacking

Stuxnet continues to be in the news: control system, infosec and general. It is widely covered with fact, theory, analogies and crazy conjecture, with the recent articles comparing the WellinTech vuln to Stuxnet being the latest foolish article and the NYT research...

Scoring The 2006 Energy Sector Security Roadmap

Roadmap to Secure Energy Delivery was published for comment. It is a revision of the 2006 Energy Sector Security Roadmap that has subsequently been highly leveraged/copied by other sectors. Before diving into the revised Roadmap, let’s take a quick look at how...

Getting Beyond Passwords

Jason is spot on in his last post on default and easily guessed passwords. Extending Jason’s rant a bit here . . . passwords don’t work. This isn’t news; we all live with the problem and have our own work around because humans can’t remember...

Will IEC Save ISA99?

ISA99 is one of the oldest and most prolific control system security standards groups. They published the first quality technical reports on the topic, and have an ambitious 14-document work plan depicted at the bottom of the post. The working groups are gaining members...

Senate Hearing Notes

Yesterday the Senate Homeland Security and Government Affairs Committee held a hearing on Securing The Critical Infrastructure in the Age of Stuxnet. There were four panelists and here were my notes: Sean McGurk – DHS Acting Director, National Cybersecurity and...

The Automation Press (or Press Release)

I wrote the blog below last weekend and didn’t post it because maybe we were supposed to know the article was a press release even though it looked like an “article”. Today I received the same article in an Automation World News Insights email...