
Archive for August, 2006

Shared Physical SCADA Honeypots

Second in a series of SCADA Honeynet posts
We wanted to expose and test both physical and simulated honeypots in our SCADA Honeynet project. Physical honeypots are actual equipment and provide the highest level and most realistic interaction with attackers. The downside is actual SCADA devices can be expensive and difficult to deploy. However, this cost [...]

What does “hardware security” mean to you?

So for some reason I followed a banner ad over to the Intel VPro Site this morning. The big deal here (or so it would seem) is the notion of “hardware security.”
So in network [security] devices when something is “done in hardware” that means there is a custom processor, accelerator, chipset, FPGA, ASIC, or something [...]

InfraGard Days Two and Three

The SCADA Security track had four presentations on day two:
1. PCSF: Mike Torppey, Mitretek
Mike focused on the projects going on in the Working Groups and Interest Groups. See www.pcsforum.org for info on this work.
2. My SCADA Honeynet presentation
3. NERC CIP: Scott Mix, KEMA
Scott knows more about NERC CIP than anyone I know. NERC is now [...]

Demystifying IEC

I don’t know about you, but I have always had a hard time keeping all the different IEC SCADA Security efforts straight. Well, Tom Phinney of Honeywell sent out a cogent and concise description in a recent email; see below.
The IEC TC65 technical committee is chartered to produce standards in the area of industrial process-measurement [...]

SCADA Honeynet

We have been working on a SCADA Honeynet research project that ended recently. I presented on the various design approaches and interesting findings at InfraGard. You can view the presentation here.
SCADA Honeynets can be used to better understand the threat component of the risk equation and as early attack warning devices on SCADA and [...]

InfraGard Day One

InfraGard is a nice event because it offers the opportunity to go outside the SCADA security silo. Sometimes hearing problems and solutions in other areas can break limiting and rigid thought patterns.
There are security tracks on GIS, Gangs, Critical Communication, Homeland Security, Cyber Security, Computer Forensics, Financial Industry, Regulatory Compliance, Water Security, Food and Agriculture, [...]

InfraGard National Conference Next Week

The 2nd Annual InfraGard Conference is next Tuesday – Thursday in Washington DC, and there is a SCADA track I’ll be chairing.
On Tuesday and Thursday mornings Idaho National Labs (INL) will be teaching their 1/2 day intro to SCADA security course that is an ideal way to expose IT types to SCADA and SCADA types [...]

KEMA and Standards Coordination Events

We skipped KEMA and the follow-on (Correction: DHS/NCSD and NIST sponsored, not PCSF) Standards Coordination Workshop. I’ve been calling attendees and trying to find something blogworthy without great success. A few thoughts and consensus comments from attendees:
- attendance was noticeably down at KEMA from previous years. This probably is not a reflection of the event, [...]

MS06-040: Mark, Get Set, Go!

Given we know some SCADA vendors are in the pre-release program (interesting, how little there is in Google on the “PVP” — at least on the first few pages) we’d be curious when the first SCADA vendor “blesses” MS06-040.
Will they beat the first worm? The clock is ticking….
BTW, you don’t need to name your [...]

The Summit

I mentioned my plans for a personal SCADA Security Summit of the Grand Teton in an earlier post. Last week three fellow climbers from the oil and gas industry and I summited the mountain at 13,000+ feet, with 7,000+ vertical feet of climbing. If you are looking for a great adventure and are in good [...]