Friday News and Notes
- A small article on a Hamburg, Germany company named Schad that has a Java application running on a Blackberry that can control and monitor Siemens S7 PLCs. On one hand this is very cool and on the other hand very scary. (Hat tip: Dave Taylor)
- The DHS Cyber Storm II exercise takes place next week. Matt participated in Cyber Storm I in 2006 and thought it was highly useful, but it also showed the difference between an exercise and real life. The OPC vuln scenario, one of many scenarios, in Cyber Storm I was handled almost flawlessly. The real-world handling of subsequently disclosed ICCP vulns was initially unsuccessful. So what am I saying? Cyber Storm exercises are great and should be done, but let’s be honest that everyone is prepared and knows a lot of people are watching. I would be surprised if Cyber Storm II is not another ‘big success’.
- Wurldtech has been on an announcement spree lately. The latest is an expansion of their Industrial Cyber Security Database. Wurldtech will initially test 2040 different devices using Achilles, and provide results on the tested device and trends across all devices. A worthwhile effort, but to be clear it is another service offering, not pro bono for the community. Asset owners or vendors pay to have the devices tested and see the overall results. The database will then be available from Wurldtech on a subscription basis. (FD: Wurldtech is a past Digital Bond client)
Author: Dale Peterson
Posted: March 7th, 2008 under Uncategorized.
Comments: 3
Comments
Comment from Ralph Langner
Time: March 7, 2008, 6:24 pm
Dale, why would the stuff from Schad be scary? They clearly say on their homepage that their product is SECURE. Given the abundant technical information that accompanies this claim, who would be scared?
Comment from Matthew Franz
Time: March 7, 2008, 9:56 pm
If indeed OPC was handled flawlessly it was only because politics and practice of vulnerability disclosure were not in the game play but the background leading up to the start of the exercise… Or because no SCADA vendors “played”.
Comment from Jake Brodsky
Time: March 9, 2008, 9:48 am
I’ll be the devil’s advocate for a minute. Let’s suppose this scheme is somehow completely securable. Fine. What about someone stealing the damned thing and taking over the controls? How many USERS are going to understand the security features well enough to bother using it?