
Archive for October, 2009

Wireless F-RAM Memory

Earlier this month Ramtron International announced MaxArias, their new product line of RF-enabled F-RAM chips. They are currently beta sampling it with several customers in different industries and will launch it in Q1 2010. This product enables RF-based read/write applications at a distance of 10 meters. Furthermore, they target several industries and their product could [...]

NERC CIP and Application Whitelisting Redux

My recent blog post on application whitelisting, and specifically the Bouncer solution, sparked a lot of offline discussion. One of those conversations was with someone who has a significant stake in NERC CIP and agreed to let me post his comments. I try not to get too involved in hair-splitting discussions about standards compliance but [...]

Web Application Security Statistics

Late last week the Web Application Security Consortium (WASC) released statistics on web application vulnerabilities for 2008. The site compiled statistics obtained from eight web security groups including HP and Veracode. The groups evaluated 12186 sites and discovered 97554 vulnerabilities of varying threat levels. Approximately 13% of the sites were compromised using automated software. The vulnerabilities [...]

S4 Registration Open / Full Agenda Available

We are proud to announce the agenda and open registration for the 2010 SCADA Security Scientific Symposium [S4] on January 20-21 in sunny Miami Beach. S4 is a very technical event for the presentation of SCADA security research papers. We give authors one hour to present their paper down to the byte, protocol, mathematics, script, [...]

Friday News and Notes

The agenda for the ICSJWG Annual Meeting, Nov 3-5 in Idaho Falls, is out. The final day is subgroup meetings, and this day is likely to determine if ICSJWG is going to meet its stated purpose. Expect a crowd of 125 people to be at the event.
The Institute for Human and Machine Cognition, an Ocala, [...]

Patch Tuesday Leads to Exploit Wednesday

On Tuesday Microsoft released 13 patches for 34 vulnerabilities (a new record), shortly followed by Adobe releasing patches to fix 29 vulnerabilities. Microsoft’s patches covered a gamut of products: Windows, Internet Explorer, MS Office, Forefront, the .NET Framework, Silverlight and other products. Eight of the Microsoft vulnerabilities were rated Critical and five as Important, some [...]

The Relevance of ISA 99

One of the reasons I went to ISA Expo in Houston last week was to try to get a fix on what ISA 99 was up to and whether it continued to matter. Historically, ISA 99 was one of the early movers in the control system security standards and guidelines space. Their first two technical [...]

Portaledge and NERC CIP (Updated as I forgot the CIP 5 bullet point)

I recently added an article to SCADApedia that maps Portaledge functionality to NERC CIP requirements. As Portaledge leverages OSIsoft’s PI product, which has a huge presence in the electrical segment, deploying Portaledge to assist in meeting compliance for some of the NERC standards is an easy decision.
NERC CIP Requirements that Portaledge can assist in [...]

Database Auditing for Control System Applications

Whether it’s for real-time, historical, or some other purpose, there are databases of all shapes and sizes in control systems. Two questions regarding these databases:
1.) How do we verify that they are in a secure state?
2.) Can we learn or measure anything about the application security from the data inside them?
Tenable added database audit capability [...]

S4 Registration Opens Next Week

Registration for the 4th annual SCADA Security Scientific Symposium [S4] will open next week. We are making some final decisions on the agenda this week, and it looks like another great set of papers.
S4 is January 20 – 21 in beautiful Miami Beach [it is interesting how we get a greater number of spouses attending [...]