My temporary job here at Digital Bond is to support Digital Bond’s control system technology lab and specifically the Quickdraw project.  That means primarily to identify and generate significant ‘representative’ network traffic, specifically control system traffic that may have security significance.  We are using real control system hardware devices to produce the ‘representative’ network traffic.  [...]

Been busy this holiday season editing and organizing the S4 2009 papers for the third edition of the Proceedings Book. Happy to say that the 192-page book was sent to the printers yesterday.
The authors stepped it up again this year. The papers have more technical detail than ever before and build on previous work in [...]

Bill Gross has an interesting comment on Jason’s regulation post. Here is the key excerpt:
To that end, you would see the virtual elimination of security flaws in systems if you target you regulation in a way that:
1) Makes vendors accountable for financial impacts that result from the failure of their systems.
2) Gives them financial incentives [...]

For our final TMICSS of the year we ask ten control system security pundits two questions.
1. What was the most interesting control system security story of 2008?
Note I asked for most interesting, not most important. As you might expect about half of the interviewees selected the control system public exploit code, especially around the Citect [...]

 

 Standard Podcast: Play Now | Play in Popup | Download

Joe Weiss lays out an argument for regulation in the Unfettered blog today. I mostly agree with him on this point…
One would expect that a vulnerability as significant as this with such wide-spread notification and notoriety would be addressed post-haste. WRONG! One would at least think that the information would be made available to cognizant [...]

I will be previewing one S4 2009 paper each week. Digital Bond’s SCADA Security Scientific Symposium is Jan 21-22 in Miami Beach with an advanced control system security course on Jan 20th. For more information on the event and registration check out these links:

Agenda at a Glance
See the full agenda with detailed paper descriptions
Register to [...]

A friendly reminder for those of you who don’t read the small print. The S4 Hotel guaranteed conference rate ends this Friday, the 19th.
After that rooms will be available on an as available basis. Of course, we will help S4 attendees in any way possible, but save yourself some trouble and make your reservation [...]

I finally had a chance to read through the Center for Strategic and International Studies [CSIS] paper on Securing Cyberspace for the 44th Presidency. This group appears to have some clout so some of the recommendations may come to pass.
Still mulling the recommendations over, but here are my early thoughts.
1. The reorganization of responsibility will [...]

This month’s issue of IEEE Security and Privacy magazine features a few articles about security in the process control space that might be worth the read.  Since the journal isn’t specific to control systems it provides background information on SCADA and DCS. It may be a good start for IT and other departments beginning to [...]

I will be previewing one S4 2009 paper each week. Digital Bond’s SCADA Security Scientific Symposium is Jan 21-22 in Miami Beach with an advanced control system security course on Jan 20th. For more information on the event and registration check out these links:

Agenda at a Glance
See the full agenda with detailed paper descriptions
Register to [...]