- The patching discussions spawned by the US-CERT OPC Vulnerability Notes and the e-Week article may lead to an ISA SP99 Technical Report and Standard on patching control systems. Bryan Singer said there was a lot of interest, and he is looking to form Working Group 6 to do the work. I’m not sure we need a consensus document on patching practices; it hasn’t been hard to help asset owners create a policy and process in our experience. That said, maybe the purpose of an ISA document on this is to help a well-meaning individual get a recalcitrant management team or other impediment to put in place a sensible policy and process.
- I commented on Robert Graham’s blog about his claim of finding a remotely exploitable vulnerability in OPC Foundation sample code in 5 minutes, but for some reason the comment did not make it up on his site. I wish I had saved a copy of my comment. In a nutshell: if such a vulnerability was found, it should have been reported to at least the OPC Foundation and preferably to US-CERT. Our experience with the OPC Foundation is they would have been highly interested and very responsive. Robert’s explanation about his customers not caring and not using authentication is no excuse. As detailed in a previous blog entry, implementation vulnerabilities are more serious than the lack of security in a control protocol. This is especially true with OPC servers and other servers that are likely to be on DMZs in some installations.
UPDATE: My comment is now posted. There is a tremendous amount of blog spam out there and my guess is a filter mistakenly snagged it. If you have an on-topic comment in this blog, and it does not appear, it was likely blocked by a spam filter. Once you have your first comment accepted, you move to the approved commenters list on our blog and should not have any other problems.
- Digital Bond’s paper on the SCADA Honeynet results from PCSF has been posted on the PCSF web site.
- Yokogawa announced a DCOM tunnel feature in their latest version of FAST/TOOLS. It seems this will encrypt all DCOM between two FAST/TOOLS systems and limit who can view OPC data or attack an OPC server. The port to Linux is also interesting.