
Archive for June, 2006

Application Stack Complexity

So in previous blogs we’ve bemoaned the complexity of the “utility stack” used by ICCP and friends, but over on the Enterprise side, Java/J2EE is no slouch, either.
Besides being currently engaged in a J2EE App Assessment for one of our non-SCADA clients, we’re using a lot of Java web applications and developing some security tools [...]

The Apple of SCADA?

Two events last week made me wonder again what SCADA vendor will be the “Apple” against the rest of the “Microsoft” vendors.
Event one occurred repeatedly in the SCADA course I taught last week. A couple of students longed for a UNIX or Linux solution and were not at all happy with the move to a [...]

InTech Wireless Article

The cover story of the June issue of InTech is on wireless. I didn’t see much new information in the article, perhaps with the exception of some survey numbers, but there were some bold statements.
“There are numbers of applications where wireless is cost effective and useful today,” said Wayne Manges, program manager of industrial wireless [...]

SCADA and the “One Percent Doctrine”

So I had one of those “NPR Driveway Moments” they always talk about during fund raising during tonight’s episode of Fresh Air. Terry Gross interviewed Ron Suskind about his new book which discusses what he claims are the origins of the Bush administration’s anti-terrorism strategy. Regardless of the political implications, whether or not the U.S. [...]

S4 – SCADA Security Scientific Symposium

Here it is: the Call for Papers for the SCADA Security Scientific Symposium (S4).
I know, I know. Some of you are saying yet another SCADA security conference! And oh, wasn’t Dale complaining about this just a few months ago? Yes, but I’ve also been concerned that the community has lacked an event where researchers and [...]

New Solutions to Secure Field Communications

One of the real challenges in securing SCADA networks, especially over a shared or exposed WAN, is that the SCADA protocols do not authenticate the source of the communications or verify data integrity. If an attacker can access the WAN, she can send commands to a field device or responses to a control server. This vulnerability [...]

A Click through the CSSP “Secure Architecture Design” Page

While I think the Overview of Vulnerabilities is definitely good stuff (and in my wildest dreams I could never hope to draw diagrams that cool, Mac or no Mac) from a purist’s perspective, the clickable “Secure Architecture Design” image sometimes left me scratching my head.
Let’s click on control systems firewall.
So we get links to a [...]

DHS / INL SCADA Security Site

INL, Sandia, PNL and other industry organizations working with DHS have developed a large amount of SCADA security knowledge, especially over the past three years. Too often this knowledge was stuck in the labs. Recognizing this, DHS has worked with the labs to begin pushing more of this information out to the SCADA security community.
Yesterday [...]

SCADA Threat Statistics: A Start

The Control Systems Security Event Monitoring (SEM) Working Group at PCSF has been working on a method to regularly collect statistics from SCADA and DCS networks that are being monitored for cyber security events. The goal is to quantify the threat for use in risk calculations.
Well, it has begun. See the April statistics.
The effort is [...]

For once, an interesting article on Cyber-Terrorism

My print copy of the Atlantic Monthly arrived today and, besides an article on Abu Musab Al Zarqawi (also pictured on the cover) that is testament to the obsolescence of print journalism, there was quite an interesting article called Jihad 2.0 that describes the exploits (pun intended) of a hacker named “Irhabi 007” with ties to [...]