Channel: Control System Security

CIP-002-4 Is Coming

(This article was originally published on the Findings From the Field blog.) NERC announced earlier this month that long-debated changes to the NERC CIP-002 standard have passed ballot and are being...




Security Basics: Control System Forensics

(This article was originally published on the Findings From the Field blog.) Most network administrators recognize the term computer forensics as the discipline of collecting evidence from computers for...


Compliance Managers Support Forensics

(This article was originally published on the Findings From the Field blog.) One aspect of forensics practice which is regularly mentioned but is rarely described in any detail is configuration...


Still No Report on Fly-Away Teams

(This article was originally published on the Findings From the Field blog.) The ICS-CERT has released a 7-page 2010 Year in Review summary. Prominent industrial security commentators Dale Peterson, PJ...


McAfee Documents “Night Dragon” APT

(This article was originally published on the Findings From the Field blog.) McAfee has released a report describing a new Advanced Persistent Threat they dubbed "Night Dragon." The attackers were able...



How Stuxnet Spreads

Eric Byres, Joel Langill and I have just released a new whitepaper: How Stuxnet Spreads - A Study of Infection Paths in Best Practice Systems. The paper details how the worm moves through what appear...


Symantec Dossier Updated: v1.4

(This article was originally published on the Findings From the Field blog.) A week ago, Symantec released the third update to their Stuxnet Dossier, adding sections on chains of infection and on the...


Smart Grid Safety vs Confidentiality

(This article was originally published on the Findings From the Field blog.) I just returned from Smart Grid Security East. The event featured an impressive set of high-powered government and regulatory...



Advanced Threats and Smart Grid Standards

(This article was originally published on the Findings From the Field blog.) At the recent Smart Grid Security East conference, I had opportunity to ask two standards gurus about advanced threats and...



Inside-Out Pen-Testing Still Rare

(This article was originally published on the Findings From the Field blog.) Industrial Defender's penetration testers report that they see "inside-out" penetration testing engagements only rarely. In...


Vulnerabilities Not News to Experts

(This article was originally published on the Findings From the Field blog.) Last week's announcement by Luigi Auriemma of 35 unpatched ICS vulnerabilities is no surprise to SCADA/ICS experts. If...


CIP-002-4 “Bright Line” Secures 163 Plants, Max

(This article was originally published on the Findings From the Field blog.) In the 2009 statistics, the latest available, NERC tracked some 10,500 generators with a nameplate capacity of 0.1 MW or...


Security Basics: Social Engineering

(This article was originally published on the Findings From the Field blog.) Miles McQueen of the University of Idaho & Idaho National Laboratories had an interesting presentation in the Security...



Air Gaps Dead, Network Isolation Making a Comeback

(This article was originally published on the Digital Bond blog.) Eric Byres' recent post claiming the #1 ICS and SCADA Security Myth is protection by air gaps struck a chord with me. I have been...


Project Basecamp: Tempest in a Teapot

I have been thinking about the DHS ICSJWG Spring Conference of a week ago, and the 2-hour debate at the conference on device security and the Digital Bond "Project Basecamp" project that was announced...



ICS and SCADA Security Myth: Protection by Firewalls

(This article was originally published in the June, 2012 ICSJWG Quarterly Newsletter.) In this article I am going to talk about a fairy tale. This tale doesn’t have princes or frogs in it, but instead...


100,000 Vulnerabilities

(This article was originally published on the Digital Bond blog.) The popular press cites an “alarming” statistic from time to time – the “dramatic” increase in cyber-security vulnerabilities being...


Protecting Critical Infrastructure Published

Cyber-Physical Security - Protecting Critical Infrastructure at the State and Local Level was published recently. I contributed chapter 4 "Cyber Perimeters for Critical Infrastructures." Essential to...


SCADA Security Published

My book SCADA Security - What's broken and how to fix it is live on Amazon in soft-cover and Kindle formats. The book's launch was the Waterfall/TDi mingle at the ICSJWG last month, with copies...


SCADA Security Site Launched

www.scada-security.ca is live. The site is focused on approaches to modern SCADA Security education. One of the things I'm doing at Waterfall Security Solutions is working with a couple of different...


Control Is Not Data

(First published in the DHS ICSJWG Dec/2016 Newsletter as Control Is Not Data.) IT gurus tell us that control system security is essentially the same as IT security, and that both are about "protecting...



Protecting Industrial Control Systems from Spectre and Meltdown

The big news today is the Spectre and Meltdown bugs. These vulnerabilities let attack code such as Javascript steal passwords, encryption keys and session cookies from kernel memory and/or browser...



Total Meltdown

The Meltdown / Spectre saga continues. Ulf Frisk just posted a description of a vulnerability he has coined “Total Meltdown”. It seems that Microsoft developers introduced an even worse vulnerability...


Defining Control Security

This post first appeared on the Waterfall Security Solutions Blog July, 2018. “The beginning of wisdom is the definition of terms.” – Socrates (470 – 399 B.C.) Definitions are important – good ones shape...


Secure Operations Technology

I am pleased to announce the general availability of my new book, Secure Operations Technology (SEC-OT). SEC-OT is a perspective, a methodology and a set of best practices that document what...
