Digital Bond

For Secure & Robust ICS

  • Home
  • Consulting
  • S4x18
    • S4x18 Call For Presentations
    • S4x18 Sponsor Packages
  • Dale Peterson
  • Hire Dale To Speak
  • Contact Us

Friday News & Notes

November 30, 2012 by Dale Peterson 2 Comments

Slow week in the SCADA security world.

Siemens announced some new security controls for the S7-1500 line of PLCs. The most interesting feature –“Access protection addresses the problem of protecting the application against unauthorized configuration changes.” We recommend cautious optimism until more details are available as the last Siemens PLC security announcement proved to be less than the press releases promoted. We have asked for the details and are hoping this is a major step forward. There is no pricing at this time, they are not taking orders, and it will not be available until February at the earliest.

We need to get more info on this SANS CyberCity project, especially what they are doing for the power plant.

Tweet of the Week

[blackbirdpie id=”273573325693911040″]

Don’t forget to subscribe to this blog RSS feed and follow @digitalbond.com on twitter.


Worth Reading Articles

  • Billy Rios Tridium Niagra – Directory Traversal – more for the story of its resolution than for the vuln
  • Byres / Tofino Spoof on DCS Security Incident at the North Pole – clever

Critical Intelligence’s ICS Security Event Calendar Updates

  • Northwest Public Power Association Cybersecurity 2013, Jan 23-25 in Tacoma, Washington

Critical Intelligence provides reports and other information products on  Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by MaretH

Filed Under: Critical Intelligence, Friday News & Notes Tagged With: SCADA Security News

Comments

  1. Joel "the SCADAhacker" Langill says

    December 3, 2012 at 15:40

    It is worth clarifying a bit of information misrepresented above. Siemens did not introduce “new security controls for their S7-1500 line of controllers”, but rather has introduced from the ground up an entire new line of medium- to high-end controllers designed with many of the security features this site so often finds controllers and control vendors lack.

    This past Summer, Siemens also released some pretty significant new communication processors for the S7-300 and S7-400 lines which also included some significant milestones in addressing many of the more serious vulnerabilities inherent to ICS protocols installed today.

    It would be nice if some credit was given to Siemens, considering that they are learned from past shortcomings, and have done more for the top 5 vulnerabilities facing ENDPOINTS than most other ICS vendors.

    Stay secure …

  2. Dale Peterson says

    December 3, 2012 at 15:50

    Joel – I’m hoping there will be much to praise in this new S7-1500 controller / CPU card or whatever it ends up being. At this point there it’s just an early, vague announcement (perfectly reasonable to build marketing buzz) that can’t be evaluated.

    I could write more, but it would just be speculation. Let’s wait and see what it is.

    Dale

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Subscribe to the S4 Events YouTube Channel

S4x18 Stats: 447 people from 25 countries
Thanks to all Attendees, Speakers & Sponsors

Follow S4 Events on Facebook

Tools & Talks

DNS Squatting and You

DNS Squatting and You

February 24, 2016 By Reid W 3 Comments

Basecamp for Serial Converters

Basecamp for Serial Converters

October 30, 2015 By Reid W 3 Comments

escar Asia

escar Asia

September 9, 2015 By Dale Peterson 1 Comment

Unsolicited Response Podcast: Cyber Insurance

Unsolicited Response Podcast: Cyber Insurance

August 27, 2015 By Dale Peterson 3 Comments

S4 Events Newsletter

Subscribe to our newsletter on leading / bleeding edge ICS cyber security information and S4 Events.

* indicates required
Email Format

Dale's Tweets

About Us

Digital Bond was founded in 1998 and performed our first control system security assessment in the year 2000. Over the last sixteen years we have helped many asset owners and vendors improve the security and reliability of their ICS, and our S4 events are an opportunity for technical experts and thought leaders to connect and move the ICS community forward.

Recent Comments

  • Chris on Koyo/Automation Direct Vulnerabilities
  • Brandon Workentin on The ICS Security Stories We Tell And Love
  • Joe Weiss on Insanely Crowded ICS Anomaly Detection Market
  • Stuart Bailey on Unsolicited Response Podcast Is Back … With John Matherly of Shodan
  • Chris Orr on Insanely Crowded ICS Anomaly Detection Market

Search….

Follow @digitalbond

Copyright © 2018 Digital Bond. - All Rights Reserved ·