CIP-002-4 Is Coming
(This article was originally published on the Findings From the Field blog.) NERC announced earlier this month that long-debated changes to the NERC CIP-002 standard have passed ballot and are being...
Security Basics: Control System Forensics
(This article was originally published on the Findings From the Field blog.) Most network administrators recognize the term computer forensics as the discipline of collecting evidence from computers for...
Compliance Managers Support Forensics
(This article was originally published on the Findings From the Field blog.) One aspect of forensics practice which is regularly mentioned but is rarely described in any detail is configuration...
Still No Report on Fly-Away Teams
(This article was originally published on the Findings From the Field blog.) The ICS-CERT has released a 7-page 2010 Year in Review summary. Prominent industrial security commentators Dale Peterson, PJ...
McAfee Documents “Night Dragon” APT
(This article was originally published on the Findings From the Field blog.) McAfee has released a report describing a new Advanced Persistent Threat they dubbed "Night Dragon." The attackers were able...
How Stuxnet Spreads
Eric Byres, Joel Langill and I have just released a new whitepaper: How Stuxnet Spreads - A Study of Infection Paths in Best Practice Systems. The paper details how the worm moves through what appear...
Symantec Dossier Updated: v1.4
(This article was originally published on the Findings From the Field blog.) A week ago, Symantec released the third update to their Stuxnet Dossier, adding sections on chains of infection and on the...
Smart Grid Safety vs Confidentiality
(This article was originally published on the Findings From the Field blog.) I just returned from Smart Grid Security East. The event featured an impressive set of high-powered government and regulatory...
Advanced Threats and Smart Grid Standards
(This article was originally published on the Findings From the Field blog.) At the recent Smart Grid Security East conference, I had the opportunity to ask two standards gurus about advanced threats and...
Inside-Out Pen-Testing Still Rare
(This article was originally published on the Findings From the Field blog.) Industrial Defender's penetration testers report that they see "inside-out" penetration testing engagements only rarely. In...
Vulnerabilities Not News to Experts
(This article was originally published on the Findings From the Field blog.) Last week's announcement by Luigi Auriemma of 35 unpatched ICS vulnerabilities is no surprise to SCADA/ICS experts. If...
CIP-002-4 “Bright Line” Secures 163 Plants, Max
(This article was originally published on the Findings From the Field blog.) In the 2009 statistics, the latest available, NERC tracked some 10,500 generators with a nameplate capacity of 0.1 MW or...
Security Basics: Social Engineering
(This article was originally published on the Findings From the Field blog.) Miles McQueen of the University of Idaho & Idaho National Laboratories had an interesting presentation in the Security...
Air Gaps Dead, Network Isolation Making a Comeback
(This article was originally published on the Digital Bond blog.) Eric Byres' recent post claiming the #1 ICS and SCADA Security Myth is protection by air gaps struck a chord with me. I have been...
Project Basecamp: Tempest in a Teapot
I have been thinking about the DHS ICSJWG Spring Conference of a week ago, and the 2-hour debate at the conference on device security and the Digital Bond "Project Basecamp" project that was announced...
ICS and SCADA Security Myth: Protection by Firewalls
(This article was originally published in the June, 2012 ICSJWG Quarterly Newsletter.) In this article I am going to talk about a fairy tale. This tale doesn’t have princes or frogs in it, but instead...
100,000 Vulnerabilities
(This article was originally published on the Digital Bond blog.) The popular press cites an “alarming” statistic from time to time – the “dramatic” increase in cyber-security vulnerabilities being...
Protecting Critical Infrastructure Published
Cyber-Physical Security - Protecting Critical Infrastructure at the State and Local Level was published recently. I contributed chapter 4 "Cyber Perimeters for Critical Infrastructures." Essential to...
SCADA Security Published
My book SCADA Security - What's broken and how to fix it is live on Amazon in soft-cover and Kindle formats. The book's launch was the Waterfall/TDi mingle at the ICSJWG last month, with copies...
SCADA Security Site Launched
www.scada-security.ca is live. The site is focused on approaches to modern SCADA Security education. One of the things I'm doing at Waterfall Security Solutions is working with a couple of different...
Control Is Not Data
(First published in the DHS ICSJWG Dec/2016 Newsletter as Control Is Not Data.) IT gurus tell us that control system security is essentially the same as IT security, and that both are about "protecting...
Protecting Industrial Control Systems from Spectre and Meltdown
The big news today is the Spectre and Meltdown bugs. These vulnerabilities let attack code such as JavaScript steal passwords, encryption keys and session cookies from kernel memory and/or browser...
Total Meltdown
The Meltdown / Spectre saga continues. Ulf Frisk just posted a description of a vulnerability he has coined “Total Meltdown”. It seems that Microsoft developers introduced an even worse vulnerability...
Defining Control Security
This post first appeared on the Waterfall Security Solutions Blog July, 2018. “The beginning of wisdom is the definition of terms.” – Socrates (470 – 399 B.C.) Definitions are important – good ones shape...
Secure Operations Technology
I am pleased to announce the general availability of my new book, Secure Operations Technology (SEC-OT). SEC-OT is a perspective, a methodology and a set of best practices that document what...