Digital Bond

For Secure & Robust ICS

  • Home
  • Consulting
  • S4x18
    • S4x18 Call For Presentations
    • S4x18 Sponsor Packages
  • Dale Peterson
  • Hire Dale To Speak
  • Contact Us

Friday News & Notes

October 12, 2012 by Dale Peterson 1 Comment

ICS Security NewsEmerson announced that DeltaV DCS deployments will support virtualization in April 2013. They also highlighted the “Smart Firewall”, which sounds very similar to the Honeywell CF9 approach. Basically block everything but DeltaV required protocols out of the box. The simplicity allows a technician to deploy the firewall. Finally, the Next Generation Web Server will provide real time process data to external users on the corporate network or even the Internet. Hopefully they have been working with one-way data diode company to support the push from Delta V Event Chronicle or Continuous Historian to this NextGen Web Server. The details matter, of course, but this is all good news for DeltaV users.

Infamous SCADA vuln hunter Luigi Auriemma has partnered with Donato Ferrante to found a new company call [Re]Vuln. They will perform a variety of consulting services and are selling a 0-day feed for vulns they discover and a 1-day feed for analyzing vulns others discover. It will be interesting to compare the 1-day feed for ICS vulns to the ICS-CERT analysis. The impetus for this new company stems from Luigi’s bad experience with the ZDI.

US Secretary of Defense Leon Panetta gave a speech entitled, “Defending the Nation From Cyber Attack“. He has a succinct description of the impact of an attack on critical infrastructure ICS, but other than that there was not much to like. He continues the baffling government policy of playing down the fact the systems are insecure by design and need to be upgraded or replaced. All the cyber warriors, new government structures and information sharing won’t change that. He also sidles by the issue of US Gov offensive capabilities, but this is probably wise and not unexpected.

The September ICS-CERT Monthly Monitor is out to the general public now. The most important item is that ICS-CERT is now a CVE Numbering Authority so the delay between ICS Alerts and Advisories and assigned CVE numbers is eliminated. This will help owner/operators security patch management programs. Other than that it is a bit dull.

Jim Gilsinn is leaving NIST and joining Kenexis. Jim has been very active in the ISA99 standards process including writing a large part of a number of the standards. I’d imagine that will continue with Kenexis. Good luck Jim.

Joel Langill writes about GLEG’s latest release of the SCADA+ pack of exploits for Immunity’s CANVAS exploit framework. The most interesting is a FTPD denial of service module for the QNX operating system.

Nextgov reports that a panel urged US DHS to “create a reserve cadre of cyber experts”. The idea is it would be like a National Guard that could be called on when required. Interesting idea, but I wonder what kind of talent would make a National Guard type commitment to come whenever called. A voluntary reserve cadre could be quite effective because many in the ICS security space have wanted to know how they can help.

Finally, I’m sad to announce that Reid Wightman is leaving Digital Bond to join ioActive. As loyal blog readers know he is immensely talented and was the driving force behind Project Basecamp. In the last year, ioActive has put together an impressive group of advanced ICS security researchers and should be interesting to watch. Best of luck, Reid and stay in touch as one of the many talented Digital Bond alumni.

Tweet of the Week

[blackbirdpie id=”256762876570767360″]

Don’t forget to subscribe to this blog RSS feed and follow @digitalbond.com on twitter.


Worth Reading Articles

  • Travis Goodspeed’s Emulating USB DFU to Capture Firmware

Critical Intelligence’s ICS Security Event Calendar Updates

  • ISA webinar Firewalls and Security Zones on the Plant Floor, March 27
  • ISA webinar A Tour of the ANSI/ISA99 Security Standards, April 3 (DP Note – $215 for ISA members for a promotional webinar? Wow, bold move.)

Critical Intelligence provides reports and other information products on  Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by Steve Snodgrass

Filed Under: Critical Intelligence, Friday News & Notes

Comments

  1. Joel "the SCADAhacker" Langill says

    October 15, 2012 at 08:40

    I just wanted to clarify a note above regarding Emerson’s “Smart Firewall”. Emerson has had for a number of years a device called the “Controller Firewall” which is really more in line with Honeywell’s CF9 – unfortunately, they really have not been pushing this product so there are not a lot installed and consider it “optional”. It is based on the Hirschmann Eagle industrial firewall (not the Eagle 20 which is a more advanced version developed by Byres Security that includes deep-packet inspection capabilities).

    The new “Smart Firewall” is actually more like a traditional Unified Threat Management (UTM) appliance that one would typically install on the conduit between the Control, DMZ and Enterprise zones of their ICS architecture. This new appliance should be a nice addition to the DeltaV portfolio, and will able to be updated with the latest threat signatures via their standard Guardian support program.

    Last I heard, Emerson was planning to rely on Wurldtech to assist with the threat management aspect of the appliance. This will be interesting to see how that evolves, and represents a somewhat new space for the folks at Wurldtech.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Subscribe to the S4 Events YouTube Channel

S4x18 Stats: 447 people from 25 countries
Thanks to all Attendees, Speakers & Sponsors

Follow S4 Events on Facebook

Tools & Talks

DNS Squatting and You

DNS Squatting and You

February 24, 2016 By Reid W 3 Comments

Basecamp for Serial Converters

Basecamp for Serial Converters

October 30, 2015 By Reid W 3 Comments

escar Asia

escar Asia

September 9, 2015 By Dale Peterson 1 Comment

Unsolicited Response Podcast: Cyber Insurance

Unsolicited Response Podcast: Cyber Insurance

August 27, 2015 By Dale Peterson 3 Comments

S4 Events Newsletter

Subscribe to our newsletter on leading / bleeding edge ICS cyber security information and S4 Events.

* indicates required
Email Format

Dale's Tweets

About Us

Digital Bond was founded in 1998 and performed our first control system security assessment in the year 2000. Over the last sixteen years we have helped many asset owners and vendors improve the security and reliability of their ICS, and our S4 events are an opportunity for technical experts and thought leaders to connect and move the ICS community forward.

Recent Comments

  • Chris on Koyo/Automation Direct Vulnerabilities
  • Brandon Workentin on The ICS Security Stories We Tell And Love
  • Joe Weiss on Insanely Crowded ICS Anomaly Detection Market
  • Stuart Bailey on Unsolicited Response Podcast Is Back … With John Matherly of Shodan
  • Chris Orr on Insanely Crowded ICS Anomaly Detection Market

Search….

Follow @digitalbond

Copyright © 2018 Digital Bond. - All Rights Reserved ·