Archive for November, 2009

What authentication isn’t

To a lot of you, this post isn’t going to tell you anything you don’t already know, but for others I think it needs to be said again. MAC and IP addresses are easily changeable and are useless for authentication.
Far too often when we’re on site we see security measures that rely heavily on [...]

SCADA Security Scientific Symposium [S4] Hotel

The host hotel for the S4 conference has changed management and names. It was previously Le Meridien and managed by Starwood. It is now the Marenas Resort. Same great hotel, same great view, same great rate.
Actually this gives me an excuse to promote the hotel and scenery as another S4 benefit. Every year more of [...]

Friday News and Notes

The Dutch National Infrastructure against Cybercrime [NICC] puts out a very high end brochure/newsletter in English every quarter. They claim that their Information Sharing is their most successful activity and serves as an example of a public/private partnership.
The CC-Link News Fall edition notes that IMS’s “The World Market for Industrial Networking – 2009 Edition” states [...]

S4 Preview: An Analysis of White Listing Security Solutions and Their Applicability In Control Systems

I will be previewing some of the papers and presentations in this year’s S4 over the next few weeks.
Digital Bond’s 4th Annual SCADA Security Scientific Symposium [S4] is being held January 20 – 21 in warm and sunny Miami Beach. S4 is a bleeding edge research event where technical papers are presented in detail to [...]

Auditing Event Logs with Nessus and WMI

Recently, Digital Bond colleague Jason Holcomb posted an example of how to use WMI to ensure that only approved Windows services are running on your system. Below is another example of how to use WMI to assess your known good configuration and shorten your custom audit files.
Example: How can you check that your Application/System/Security event [...]

Quickdraw retrospective, Part #2.

This is the conclusion of my Quickdraw retrospective.
Security Semantic variation is even greater than expected…
Although the Quickdraw project proved that a set of SEM events could be developed and applied to multiple devices, it also shows that there is enormous variation in the semantics from device to device. Sometimes even the [...]

Workstation Alternatives

Windows or *nix based workstations are commonplace for many asset owners. The workstations are typically run on a standard PC using a hard drive to store the operating system and applications. This environment works well with one exception: new data can be stored on the system. On a corporate network, local data storage is typically [...]

Quickdraw retrospective, Part #1.

Having completed my part of the Quickdraw project, my time at Digital Bond is winding to a halt. But I thought I’d just post a retrospective on some of the things I learned on the Quickdraw project. Because this post is a bit on the long side I have decided to split it [...]

S4 Preview: Security Testing, Vulnerabilities and Exploits in Operating Systems Used in Control System Field Devices

I will be previewing some of the papers and presentations in this year’s S4 over the next few weeks.
Digital Bond’s 4th Annual SCADA Security Scientific Symposium [S4] is being held January 20 – 21 in warm and sunny Miami Beach. S4 is a bleeding edge research event where technical papers are presented in detail to [...]

Friday News and Notes

NERC had a two day workshop on High Impact, Low Frequency events. These are events that are rarely seen but would have a big impact if they occurred and included cyber attacks on control systems. With all the talk about risk, it is this high / low dichotomy of two elements in the risk equation [...]