For the past few years there has been a rise of cyber criminals attacking systems for profit.  Many of the financially motivated attacks, like the TJX breach, have been well published.  It appears that as attackers learn how to profit from their exploits, their illegal activities tend to increase as well.  An attacker may first [...]

Normally we would not comment on a marketing press release, but this is Cisco and even a marketing effort from a giant like that can have a big impact.
Recently Cisco announced that their services group announced grid security services, hat tip: Matt Franz, @frednecksec. These services included cyber and physical security services and even mentioned [...]

I was out at EnergySec in Seattle last week, and tweeted on it @digitalbond.
An INL presentation showed that they have found about 325 vulns in the control system assessments they have performed over the last four years. This revived my long held and stated frustration about who gets this information. When INL does a vendor [...]

ISA 67, Nuclear Power Plant Standards, has created a new working group to address cyber security for nuclear plants. It will be coordinating activities with ISA 99.

Wurldtech added another big name to their Advisory Board – Greg Garcia, former Assistant Secretary for Cyber Security and Communications with the US Department of Homeland Security. [FD: Wurldtech [...]

I’m out at EnergySec in Seattle and gave a 1 hour presentation yesterday on our Bandolier, Portaledge and Quickdraw presentation. Here is a link to the presentation.
Our approach to control system security research is to extend existing tools and applications in two ways.
1. Add control system intelligence to existing IT security tools.
Bandolier extends the the [...]

Recently I was called by a major news organization who I understand has been calling many in the control system community for a potential story. He was hunting for an unreported, clear and vivid example of a successful cyber attack on a critical infrastructure control system that had serious consequences to build their story around. [...]

Being one of the people who tends to be more interested in the pointy end of the security stick, I’ve been looking forward to this training material being released since I first heard of it several months ago.  The good folks over at Offensive Security have put together a great training course, and the base [...]

A nearly year old Chinese academic paper got a bunch of publicity in recent weeks as Newscientist spotlighted the paper and noted the gist “Cascade-based attack vulnerability on the US power grid.” With a title like that it was bound to cause a stir. A pair of researchers at the Dalian University of Technology [...]

Someone needs to tell me where the downside is with products like CoreTrace Bouncer. I’ve tried to be skeptical of application whitelisting but the more I see, the more I like it. Recently I had the opportunity to see Bouncer demonstrated on a Yokogowa Centum DCS. I’ve seen lab demo’s before but this was the [...]

I’m out at the OSIsoft T&D Users Group in Portland this week. Transpara, one of the OSIsoft partners, is showing PI displays sent to Blackberries, iPhones and other mobile devices. People were walking up with their phones and getting demo’s right on their phones. Essentially you navigate to a web page on a web server [...]