The details on the CAL ISO incident last week in the LA Times. “He broke a glass seal and pushed an emergency electricity shut-off button, plunging the Cal-ISO building in Folsom, a Sacramento suburb, into darkness and crashing computers used to communicate with the power market.”
Citgo and InTech magazine just started a project blog on […]

We released two new Modbus TCP IDS signatures and some improvements and updates today. The download of the entire new SCADA IDS package and links to the documentation are available on our IDS research page.
The new signatures identify Modbus scanners in two different ways.

SID 1111013, Modbus TCP - Function Code Scan, identifies a scanner attempting […]

There is a long running discussion/argument on whether Mac’s are more secure than PC’s. Actually - that is not quite correct. I believe the argument is: are the number of Mac exploits relatively small, as compared to Windows, due to better software security engineering practices at Apple or because the motivation to find Mac […]

For our Australian readers, the TISN is putting on a series of free SCADA Security executive and practitioner briefings in Brisbane, Sydney, Melbourne, Perth and Adelaide in June. TISN is similar to the US PCSF. More information and registration here. (Hat tip: Ron Southworth)
Dark Reading, an IT Security resource, made a SCADA scare article their […]

Many SCADA and DCS vendors are integrating their applications with Microsoft’s Active Directory. There are some benefits to this:

Control system vendors no longer need to develop and maintain user management system and other directory services (typically not a core competency)
Support for strong, two-factor authentication
Group policy to harden OS platforms
Single sign-on

However one of the benefits we […]

SCADApedia - - subscribers can write; all can view.
New SCADApedia entries from April 1 - 15.

ControlLogix
Energy Sector Roadmap
FactoryTalk AssetCentre
FactoryTalk Security
Interactive Energy Roadmap
Innominate mGuard
LiveData ICCP Server heap buffer overflow vulnerability
Modbus
Programmable Automation Controller (PAC)
Rockwell Automation
SISCO OSI stack fails to properly handle malformed packets
SISCO OSI stack fails to properly validate packets
Style Guide
US-CERT
Vulnerability Notes

Updated SCADApedia entries

[…]

We added two SCADApedia entries on the security features of Rockwell Software Management: FactoryTalk Security (formerly RSAsset Security) and FactoryTalk AssetCentre (formerly RSMACC). The naming is still confusing with much of the documentation, website content, and RA customer and employee base still using the old names.
The Good
There is a lot to like about the security […]

 Slow week on the SCADA security front.

The Procedings of SCADA Scientific Security Symposium (S4) is now available for purchase on Amazon.com in addition to on our web site.
Dick Caro has a good review of the latest SP100 meeting that took place in Germany at the ControlGlobal site.
Walt Boyes from Control Magazine has moved […]

We just finished a series of SCADApedia entries on security in Rockwell Automation (RA) controllers and software applications. Remember the SCADApedia is a place for facts, so I’ll lay out some opinions and conclusions in this two part blog.

The ControlLogix PAC (powerful PLC) is a prime example of why we are fans of the simple, […]

Pauldotcom’s latest security weekly (episode 66) elaborates on the usage of bluetooth in devices other then mobile phones. Apparently some vendors have integrated bluetooth into pole-top devices like transformers for monitoring purposes in the UK.
I’m not all that surprised about it being used for monitoring, but what about programming? Hopefully the companies purchasing and deploying […]