Archive for the year 2006
Dale Peterson Interview on Tenable Site
I was interviewed yesterday by Ron Gula about SCADA security issues, active and passive scanning of control systems, and the SCADA plugins for Nessus.
Download and listen to the MP3 interview
Check out the Tenable Network Security Blog for the latest tips on how to use Nessus.
Author: Dale Peterson
Posted: December 21st, 2006 under Nessus SCADA Plugins.
Comments: none
2006 Digital Bond Top Ten
Here is the top ten list for Digital Bond’s work in 2006. These are the items we believe made the biggest positive impact to the SCADA security community.
Again this year we are tremendously proud of many of our SCADA asset owner consulting clients who made substantial improvements in their security postures. Many of these clients would crack [...]
Author: Dale Peterson
Posted: December 20th, 2006 under Big Picture.
Comments: 2
2006 Top Ten SCADA Security List
Here is my view of the big events and items in 2006. I have excluded any Digital Bond items because it would be hard to be objective in those rankings. On Wednesday, I’ll blog on Digital Bond’s Top Ten from 2006.
10. Cyberstorm
DHS led this government and industry simulation of a cyber attack that included elements of SCADA protocol attack that [...]
Author: Dale Peterson
Posted: December 19th, 2006 under Big Picture.
Comments: 5
Honeynet Attack Visionalization
So the last time I blogged about Honeynets we discussed adding realism. I ended up installing the latest test 1.1 version of Roo as a virtual machine and the results were positive. So far a lot of the easy, annoying bugs that required end-user debugging and troubleshooting are now fixed (like updating the packages [...]
Author: Landon Lewis
Posted: December 15th, 2006 under SCADA Honeynet.
Comments: none
SCADA Plugins For Nessus Are Released
Digital Bond has spent the last few months developing SCADA plugins for the very popular Nessus vulnerability scanner in a research project funded and assisted by Tenable Network Security. We are proud to announce the first set of plugins is now released and available in Tenable’s Direct Feed.
Tenable Network Security has a detailed blog entry that [...]
Author: Dale Peterson
Posted: December 12th, 2006 under Assessment Tools, Nessus SCADA Plugins.
Comments: none
Byres Calculates Mean Time-to-Compromise at S4
Eric Byres, formerly with BCIT and now with ByresSecurity, Inc., is a well-known and highly requested speaker at SCADA security events because of his talent for explaining technical issues in an interesting way that can be understood by all regardless of technical skill. Well, at S4 you see the technical side of Eric as he presents, [...]
Author: Dale Peterson
Posted: December 11th, 2006 under Calculating Risk, S4.
Comments: 2
Beware of Agents?
Here is an interesting blog entry from Thomas Ptacek at Matasano for you to chew on this weekend.
Many management and security solutions deploy agents on workstations and servers and offer tremendous benefits, but is there a dark side to this? Thomas says emphatically yes.
Agent-based architectures are a severe security risk. Risk is amplified as more [...]
Author: Dale Peterson
Posted: December 9th, 2006 under Big Picture, Security Vendor.
Comments: 2
Scanning Identifies Symptoms -- Not Root Cause
Loyal readers of the blog know we are strong proponents of scanning control systems, most recently in a blog entry and white paper that describes why control systems must be scanned and how we do it. However, a scan is not a security assessment; it is one part of the assessment and is often more valuable as a [...]
Author: Dale Peterson
Posted: December 8th, 2006 under Assessment Tools.
Comments: none
OPC DoS Paper at S4
The S4 papers have been pouring in this week as we get ready to send the Proceedings to press. There is some very interesting and impressive work going on out there. I’ll highlight a few of the papers over the next two weeks.
The first paper I’ll preview comes from Germany starting a theme that you [...]
Author: Dale Peterson
Posted: December 6th, 2006 under OPC, S4.
Comments: 2
PCSF Call For Solutions
The PCSF 2007 Annual Meeting is scheduled for March 6-8 in Atlanta. They have just issued a “Call for Solutions” with a short deadline. Proposals are due by Dec 12th, so get on it if you are interested in presenting.
The solution areas are Understanding Risk, Requirements/Operational Considerations, Architecture/Design, and Devices/Components. The solutions are supposed to present [...]
Author: Dale Peterson
Posted: December 4th, 2006 under PCSF.
Comments: none