After two years establishing and running Digital Bond Labs, Reid and I have decided that it makes more sense to run this as a stand alone business. So I have the honor to be the first to announce and congratulate Reid on his new company: RevICS.
In all candor I've been surprised that the synergies we expected between ICS security consulting and …
Continue ReadingFeatured Articles
May 23, 2016Basecamp Redux: Siemens S7-1500 PLC Gets French ANSSI Certification
We will have a series of articles coming soon on the new Siemens S7 PLC security features, and I'm pleased to announce that Oliver Narr of Siemens will join representatives from GE, Rockwell Automation and Schneider Electric on our NextGen PLC Security panel at S4xEurope, June 9-10 in Vienna.
Consider this a bit of appetizer as last week Siemens …
Continue Reading
April 26, 2016Basecamp Redux: Minimizing Attack Surface & Security Logging in Modicon M580
This is the fourth in a series of articles on security features in the next generation of PLC's that will mark the end of Insecure By Design. A panel at S4xEurope will highlight Secure PLC's, and the event includes other sessions on PLC integrity and ICS secure protocols. It's time to plan for your next ICS, or even accelerating upgrade plans, …
Continue Reading
April 19, 2016Basecamp Redux: Secure ICS Protocols in Modicon M580
This is the third in a series of articles on security features in the next generation of PLC's that will mark the end of Insecure By Design. A panel at S4xEurope will highlight Secure PLC's, and the event includes other sessions on PLC integrity and ICS secure protocols. It's time to plan for your next ICS, or even accelerating upgrade plans, …
Continue Reading
April 11, 2016Project Basecamp Redux: The Death of Insecure By Design
This is the first in a series of articles on a topic of very good news for the ICS community. A panel at S4xEurope will highlight Secure PLC's, and the event includes other sessions on PLC integrity and ICS secure protocols. It's time to plan for your next ICS, or even accelerating upgrade plans, to be securable.
At S4x13 Reid Wightman and a …
Continue ReadingS4 News
August 19, 2016The Ghost of S4 CTF Past
We have been preparing some new and interesting challenges for the S4 CTF this year, and I think that players will have a lot of fun with what we have in the works. We have a number of nice challenges that involve breaking and entering into our ‘Killer Robot Factory’ (players from last year’s CTF …
Continue ReadingS4 Video: Attacking The Plant Through WirelessHART
There are two weeks left to submit your session proposal for the S4x17 Main Stage or Stage 2: Technical Deep Dives. Take a look at the Call For Presentations and submit this month.
Subscribe to The S4 Events YouTube Channel
This S4xVideo is a great example of what we try to do on Stage 2. Jalal …
Continue Reading
June 21, 2016S4x17 Call For Presentations
Today through August 31st the S4x17 Call For Presentations is open. It is the place to present advanced topics in ICS and related fields to an audience will get it.
The process is real simple. Send an email with 2 or 3 paragraphs on your session idea to s4@digitalbond.com. We evaluate session …
Continue ReadingS4 Classic Video: Langner’s Stuxnet Deep Dive
Tomorrow we will be officially opening the S4x17 Call For Presentations (CFP), so I thought it would be the perfect time to highlight one of the S4 Classics to show what a S4 Technical Deep Dive looks like. Watch how Ralph goes through the code/logic in detail so you can see the key features of …
Continue ReadingS4x16 Video: Langner’s Critical Penetration Analysis in Nuclear Power
A great 22 minute presentation by Ralph Langner of The Langner Group at S4x16. He provides some very specific examples of a cyber / physical attack on nuclear power plants. For example, a cyber attack on all of the feedwater systems.
https://youtu.be/LiNtzCibDko
What is the key to this type of …
Continue ReadingS4xEurope Video: IRONGATE – Technical Deep Dive
We decided to put the IRONGATE video from last week's S4xEurope out first. There is no new big reveal over the information put out in the FireEye article, but Rob provides a lot of context that makes it easier to understand. He also focuses on unanswered questions and a comparison to Stuxnet.
If …
Continue Reading
Recent Comments