Richard Bejtlich asks the question “Why Network Taps?” over at the TaoSecurity blog this week. I’m a huge fan of network taps for IDS, general monitoring and troubleshooting. It’s hard to beat the visibility a tap provides at your network entry and exit points. Bejtlich spells out several reasons why taps are a good idea [...]

It’s always a pleasure to talk with Ralph Langner of Langner Communications at S4. He is a leader and independent control system security voice in Europe. Ralph has developed some interesting tools to demonstrate vulnerabilities and lack of security that I hope to share with our readers soon. He had an interesting idea of “infinite [...]

Next Monday / Tuesday is the 2009 Edition of the SANS SCADA Security Summit in Orlando. I’m speaking at two sessions on Monday. The first is an hour review of the S4 papers, and the second is part of a panel on the Energy Roadmap related research where I’ll be giving a short presentation on [...]

Field device worms, economics and infosec and estimating 0days
I hope loyal readers will pardon the days delay in the recap, and even the limited tweeting, during S4. As the Event Chair and with the physical and virtual program it gets pretty crazy. I did like twitter for the updates and will be tweeting again at [...]

As most of us know, yesterday hundreds of thousands of people converged to witness the swearing in of the 44th president of the United States, Barack Obama. My television was on in the background yesterday, and my radar couldn’t help but pick up on some of the details on the security of the event. [...]

I started my tweeting at S4. Today is the Advanced Security Testing of Control System Components, tomorrow and Thursday at the S4 event. Follow me on twitter for running commentary on the event.

The Bandolier security audit files use the policy compliance features of the Nessus vulnerability scanner. We’ve talked about compliance here on the blog but if you really want to take a deep dive, check out this presentation by Tenable CEO/CTO Ron Gula.
Scheduling a third party security assessment of your control system? Be sure to ask [...]

Oracle released 41 security patches this week for a variety of their products. Ten of the patches were for the Oracle database – – that by the way is used in many SCADA and DCS servers.
We have seen great progress with vendors testing and certifying Microsoft patches on a timely basis. We have some progress [...]

In the past I’ve live-blogged SCADA security events – – and I will put a daily blog post during S4. However this year we will use twitter for running commentary on the event.
My username is digitalbond. Follow me for tweets on S4.
I don’t plan on tweeting from this username except as a substitute for live-blogging [...]

We are 1 week away from our SCADA Security Scientific Symposium [S4] in Miami Beach. Next weeks weather is 75 and sunny, so grab one of the last few seats while you can.
Time to wrap up our previews with the three remaining sessions.

Sandia and Honeywell have combined for a paper “Secure Wireless Key Management for [...]