The Basic Persistent Threat
So Jason Holcomb (of Digital Bond) and I are coining some new phrases in regards to cyber security as it applies to control systems. Control systems are a literal regression to many of IT's worst...
View ArticleThe NERC audit process is very broken
If the chief objective of the NERC audit process is to improve the security posture of the asset owners and ISOs, then it fails miserably to achieve said goal. Instead, because the auditors can...
View ArticleThe "mootness" of Control System Security Research
A lot of research is ongoing with the appellatic title of "control systems research." The goal; securing control systems from cyber attack. Research that is funded in part by the control systems...
View ArticleCouple of little scripts
used to check for:Well from a hacker's side, credential re-use, you know see if that password hash you just cracked will work on other systems;)From a defender's side... check for ssh services and...
View ArticleStuxnet thoughts and process reactions
There has been a lot of discussion of the Stuxnet malware in the control systems sphere the last couple of weeks. As details emerge it becomes ever more apparent that this malware was the equivalent of...
View ArticleThe root of the problem
In its simplest form the root of the issue with securing control systems is that there is no inherent security in a control system. There are no mechanisms when you purchase and deploy a control system...
View ArticleWhat not to do....
make publicly available documents showing:network topologyfull scada schematicswireless hotspotscamera coveragefencingyada yada yada.Basically do not do nor make available what you see...
View ArticleBrilliant
Jason Holcomb of Digital Bond tuned me into this little snippet of brilliant insight from Ralph Langer..... which ties directly into my earlier post:(Quoting myself) So if you as an asset owner are...
View ArticleSad State of Affairs
It has been 3 months since my last post..... guess I am doing a poor job in blogging, but constant security work and a slow changing landscape do little to inspire ;)Yesterday Italian security...
View ArticleKevin's Theorem
Of the security of control systems products."Kevin's Theorem" being: all control systems products from a security perspective are crap and when examined will reveal easily exploitable security flaws.
View Article
