Digital Bond is a small, I like to say boutique, SCADA security research and consulting practice. We try to focus on projects that will have a significant and near term positive impact on the SCADA security community. I believe we have a pretty good track record with our SCADA IDS signatures, Nessus plugins, S4 […]

In his S4 comments, Ty Bodell suggested we have the SCADA Honeynet live at S4 2008 so attendees can see it, hack it or otherwise interact with it. We thought why wait until next January, so the SCADA Honeynet will be available via a wireless access point at the PCSF annual event in Atlanta next […]

So I happened to (luckily) grab a ticket for ShmooCon 2007, it was unbelieveable how quickly these tickets sold out. They offered the tickets on three dates with three sets of tickets that varied by price.
The con has a diverse set of topics and a limited amount of people, so everyone attending won’t have the […]

There has been a fair amount of movement in some of the big names in SCADA security over the last year. To summarize:

The latest is Joe Weiss leaving Kema and joining Applied Control Solutions, LLC. A friend pointed this out on the PCSF agenda. I call Joe the Paul Revere of SCADA security for […]

So I’ve been using Afterglow quite a bit to visualize data from a couple of our SCADA Honeynet projects. Some of the output is starting to be added to our Honeynet Stats & Reports page and some I’m still automating.
Another tool, developed/hosted by IBM, that might be useful for visualizations is “Many Eyes“. Through a […]

No Enterprise Network / Control System Firewall
Hopefully, you have implemented a firewall capability at the enterprise network / control system perimeter. Consultants use words like best practice, good practice, and recommended practice. There is another term consultants use: “standard of due care”. ISACA defines it as:
The standard of “due care” is that level of […]

If you needed any more proof that software security is extremely difficult, look no further than the recent slew of vulnerabilities in security products.

Vulnerability in Snort Preprocessor
Cisco PIX Firewall, ASA and FWSM Vulnerability
PGP Desktop Vulnerability
Microsoft Malware Protection Vulnerability
McAfee Virex Vulnerability
Trend Micro OfficeScan Vulnerability

Having worked for security product vendors in the 90’s, I can confirm this […]

I just learned of Check Point’s, of firewall fame, entry into the SCADA security market - - well sort of (hat tip: Matt Franz). It is the all too common move for a vendor to take a standard IT security product, put it in a slightly ruggedized platform and call it a control systems security […]

The RSA Conference is one of the big IT Security events. In fact, I knew IT Security was big business in the 90’s when IBM was sponsoring huge parties with multiple bands, buffets, ice sculptures, … I didn’t attend the RSA Conference last week, but a couple of items from the press coverage […]

For one week we are making two of the 13 one-hour S4 sessions available to our loyal blog readers.
SCADA Honeynets:  How to Build and Analyzing Attacks by Landon Lewis, Digital Bond
and
OPC Exposed Part II:  Denial of Service Attacks by Ralph Langner, Langner Communications
The password for these two presentations is 9udg#ves.
This is a good opportunity to […]