Archive for July, 2009
Blackhat, hardware and trust
Just a quick update on the happenings here at Blackhat. The good news is that this year the quality of the presentations seems to have improved, or maybe I’ve just gotten better at choosing interesting sessions.
Most of the research that had a direct impact on control systems, specifically in the electric sector, was presented yesterday. [...]
Author: Daniel Peck
Posted: July 31st, 2009 under Conferences.
Comments: none
S4 Paper Online: Low-level Vulnerabilities in Wireless Hardware
First – Don’t forget to get your abstracts in to present a paper at S4 2010 in January in beautiful Miami Beach.
This week’s online paper from past S4 events is the Goodspeed, Highfill and Singletary paper, Low-level Vulnerabilities in Wireless Control Systems Hardware. It was the first S4 paper to look at hacking hardware to [...]
Author: Dale Peterson
Posted: July 31st, 2009 under S4, SCADA Architecture, Wireless.
Comments: none
Hacking Control System Web Applications with Nessus
We usually talk about Nessus in terms of vulnerability assessment or configuration auditing (i.e. identifying known vulnerabilities based on a set of signatures or identifying poor security configuration using audit files). Tenable recently expanded the Nessus web application testing plugins, however, that can help identify new or unknown vulnerabilities. The capability has been around for [...]
Author: Jason Holcomb
Posted: July 29th, 2009 under Assessment Tools.
Comments: 2
Vegas Security Conferences 2009
It’s that time of year again, and tomorrow I’ll be heading out to Las Vegas for Blackhat, Defcon, and Bsides. As usual there’s a lot of great research being presented, and there seems to be a bit more SCADA research being presented each year.
I’ll be blogging about any of the presentations that I think are [...]
Author: Daniel Peck
Posted: July 27th, 2009 under Conferences.
Comments: 2
EnergySec Tries A New Type of Information Sharing
Effective information sharing about vulnerabilities, security incidents and other security issues is a hard problem. Most owner/operators are reluctant to share anything that could make them look bad or worse, but these same asset owners see the benefit of receiving information from their peers. So everyone wants to receive the info, but not share any [...]
Author: Dale Peterson
Posted: July 27th, 2009 under Standards & Orgs, Vulnerability Disclosure.
Comments: 2
Friday News and Notes
Registration for the ICSJWG Fall Conference, November 3 – 5 in Idaho Falls, is open. The call for papers is open until August 17th.
NERC has issued a draft implementation schedule for nuclear power plants to comply with the NERC CIP standards.
The replay of this week’s congressional hearing on Securing the Modern Electric Grid is now available.
Very [...]
Author: Dale Peterson
Posted: July 24th, 2009 under Uncategorized.
Comments: none
S4 Paper Online: Jamming IEEE 802.15.4 Wireless
First – Don’t forget to get your abstracts in to present a paper at S4 2010 in January in beautiful Miami Beach.
This week’s online paper from past S4 events is Jake Brodsky and Tony McConnell’s paper “Jamming and Interference Induced Denial of Service Attacks on IEEE 802.15.4 Based Wireless Networks”. [Note - Fixed Link] This [...]
Author: Dale Peterson
Posted: July 23rd, 2009 under S4, Wireless.
Comments: none
ICSJWG Fall Conference Announcement
The DHS-led Industrial Control System Joint Working Group [ICSJWG] will hold its first Annual Fall Conference Nov 3 – 5 in Idaho Falls, presumably with some support from INL. A full event agenda should be announced shortly.
The logistics are interesting. Earlier there was an announcement it would be held in conjunction with ISA Expo [...]
Author: Dale Peterson
Posted: July 20th, 2009 under DHS.
Comments: none
Portaledge: Detecting Cyber Attacks – Part 7: Meta Events
As discussed in Part 6 of our ongoing series on the inner workings of Portaledge, Portaledge has an event hierarchy. The hierarchy (from smallest to largest) consists of: Event Triggers, which cause Events, which are correlated in a class into Event Class Events. Events and Event Class Events can be correlated across Event Classes [...]
Author: Kevin Lackey
Posted: July 20th, 2009 under Uncategorized.
Comments: 2
OISF Meeting and the next generation of open source IDSs
Last week I had the opportunity to attend the first public planning/brainstorming session for the DHS-seeded Open Information Security Foundation and their next generation IDS project. Lots of good discussion, with the first couple hours focusing on the foundation itself, and the rest of the day was spent discussing various features that would be [...]
Author: Daniel Peck
Posted: July 20th, 2009 under DHS, IDS / IPS, SCADA Protocols.
Comments: 1