The patching discussions spawned by the US-CERT OPC Vulnerability Notes and the e-Week article may lead to an ISA SP99 Technical Report and Standard on patching control systems. Bryan Singer said there was a lot of interest, and he is looking to form Working Group 6 to do the work. I’m not sure we need […]

I was waiting for something to inspire the March Monthly Checkup topic and the OPC Server Vulnerability Notes / Patching discussions came through just in time. Here are your check-up tasks for this month:
1) Verify management accepts the risks and approves your patching policy
Your patching process will implicitedly include an acceptance of risk. For example, […]

The Control System Cyber Security Self-Assessment Tool (CS2SAT) was presented at the PCSF Annual Meeting earlier this month. I had promised a review of this tool, and it takes place in two parts. The facts of the CS2SAT are in a SCADApedia entry and my comments on the CS2SAT are here in this blog entry.
Overall, […]

As we near our 500 blog post (this is #497), it is finally time to address a problem that has bothered us for a while. Factual information in our blog entries tended to get buried over time. The search engine and categories helped, but a lot of the value of the content was lost.
Our solution […]

I’ve been traveling the past couple of weeks and my last stop was ShmooCon at the Wardman Marriott in DC. I arrived early on Thursday and not many people were around, so I met with folks that responded to my blog that were participating in the ShmooCon Labs. The ShmooCon Labs used the old concept […]

In my last blog entry I described why there was no “Hole Found in Protocol”. Now let’s talk about why there is no need to panic.
It really is pretty simple. OPC almost always runs on a Microsoft Windows OS because the protocol was designed around Microsoft’s DCOM. Windows OS have critical patches that come out […]

eWeek.com has an article out today, “Hole Found in Protocol Handling Vital National Infrastructure” (hat tip: Dick Lord of the Steadfast Group for sending it to me). It is full of inaccuracies and hysteria.
First and most importantly, the title is wrong. This article is about the work Lluis Mora presented at S4 on OPC implementation […]

It probably is not a big surprise to loyal blog readers that I received several off-the-record calls on the “What does it mean? INL Testing LiveData ICCP Server”. The main reason for off-the-record is it takes a whole process to issue comments even to a blog / pseudo-press. Here are a few things I can […]

We had the SCADA Honeynet attached to a wireless access point at the PCSF Annual Meeting March 6 and 7 in Atlanta, GA. PCSF attendees were encouraged to connect to it to check out the realism of this simulated PLC target and attack it as much as they desired. Of course, others connected simply looking […]

US-CERT just issued the first vulnerability note related to Lluis Mora of Neutralbit’s work he presented at S4. Expect quite a few more before this is all done.
Hats off to Takebishi for responding so quickly with a security patch and providing compensating control information, and to US-CERT and CERT/CC for the coordination.
Update: Vulnerability Note […]