Archive for the year 2010
Waterfall and One Way Security
A small number of vendors are promoting unidirectional network security devices, most notably Waterfall Security Solutions from Israel. [FD: Waterfall has advertised on digitalbond.com] To their credit Waterfall has doggedly pursued the control system security space and has some good content on using their product in control systems. And based on the number of questions [...]
Author: Dale Peterson
Posted: September 1st, 2010 under Firewall / Perimeter, SCADA Architecture.
Comments: none
More notes on UAC, Bandolier
Following up from yesterday’s post, here are a few more notes on UAC and Bandolier.
First, my earlier post focused on Windows 7 but I probably should mention that UAC applies to 2008 server as well. The UAC implementation on the original 2008 server is similar to Vista, with 2008 R2 being more similar to Windows [...]
Author: Jason Holcomb
Posted: August 26th, 2010 under Bandolier.
Comments: none
UAC, Windows 7 and Bandolier
We’re developing our first set of Bandolier audit files that will include Windows 7 components. The control system community, for the most part, has not embraced Windows Vista so Windows 7 is the first exposure for many to User Account Control (UAC). UAC is perhaps the most hated “feature” of Vista — the constant prompts [...]
Author: Jason Holcomb
Posted: August 25th, 2010 under Bandolier.
Comments: 4
Late Summer Reading: NISTIR 7628
How many of you have downloaded NISTIR 7628: Smart Grid Cyber Security Strategy and Requirements, saw it was 305 pages and put it aside? Maybe you even waded into the first ten to twenty pages and read a lot of general statements and gave up. Well if you have some time before the summer is [...]
Author: Dale Peterson
Posted: August 25th, 2010 under NIST, Smart Grid.
Comments: 3
Friday News and Notes
The field of auto hacking continues to grow, and we have our first auto hacking tool – called CarShark of course. The challenge is in intercepting the signals more than hacking the systems in the car. The question is why would an adversary want to do this? Where is the profit or gain? Besides doing [...]
Author: Dale Peterson
Posted: August 20th, 2010 under Uncategorized.
Comments: none
The OSSTMM rav: Part 2
In Part 1 of our discussion on the OSSTMM rav, we set up some context and background for what the metric is meant to do and what factors go into the calculation. Since then I’ve had the opportunity to use the rav scores in a real-life scenario and am ready for some harder analysis.
We set [...]
Author: Jason Holcomb
Posted: August 19th, 2010 under Assessment Methodology, Calculating Risk.
Comments: none
We Will Never Be Perfect
Some of the post-Stuxnet discussion, and even much before it, has the premise that we need to improve security so this type of attack can never be successful. That if we just all do the right things control systems will be impenetrable. When we see unpatched systems, hard-coded passwords, cleartext authentication, unauthenticated firmware [...]
Author: Dale Peterson
Posted: August 19th, 2010 under Big Picture, Calculating Risk.
Comments: 8
Legislative Outlook for Control System Security Registration
Patrick Coyle writes the Chemical Facility Security News blog and tweets @pjcoyle. His blog is my go-to resource for all things chemical security, and Patrick also does the hard work of tracking all of the control system security legislation. Patrick was kind enough to write up a blog entry on what you should be [...]
Author: Dale Peterson
Posted: August 18th, 2010 under US Government.
Comments: none
EnergySec Agenda / Bandolier Class
EnergySec puts on a great electric sector control system security event every year, and it is a bargain at $150. The agenda is now out for this year’s event in Denver, Sept 21 and 22.
Looking at the agenda, the highlights for me are presentations from James Arlen, Dave Lewis and Patrick Miller. These three always [...]
Author: Dale Peterson
Posted: August 15th, 2010 under Bandolier, Conferences.
Comments: none
Friday News and Notes
A lot of noise this week, but only two items for the News and Notes.
NERC asked all members to provide information on the number of Critical Assets they have today under CIP, and how many they would have under the draft CIP-002-4. The draft version is much more detailed on what is and isn’t a [...]
Author: Dale Peterson
Posted: August 13th, 2010 under Uncategorized.
Comments: none