
Top Ten SCADA Security Stories of 2008

Here is our list of the top ten control system stories for 2008. (See the 2007 list. See the 2006 list.)
1. Vulnerabilities Discovered by Non-Control System Company
Core Security and others outside of the control system community started testing freely available demo versions of control system applications, and finding vulnerabilities. Control system security is [...]

S4 Proceedings Book At The Press

Been busy this holiday season editing and organizing the S4 2009 papers for the third edition of the Proceedings Book. Happy to say that the 192-page book was sent to the printers yesterday.
The authors stepped it up again this year. The papers have more technical detail than ever before and build on previous work in [...]

Control System Vendor Bailout

Bill Gross has an interesting comment on Jason’s regulation post. Here is the key excerpt:
To that end, you would see the virtual elimination of security flaws in systems if you target your regulation in a way that:
1) Makes vendors accountable for financial impacts that result from the failure of their systems.
2) Gives them financial incentives [...]

December Podcast: This Month In Control System Security

For our final TMICSS of the year we ask ten control system security pundits two questions.
1. What was the most interesting control system security story of 2008?
Note I asked for most interesting, not most important. As you might expect, about half of the interviewees selected the control system public exploit code, especially around the Citect [...]

 

S4 Preview: Two New Directions in Control System Perimeter Security

I will be previewing one S4 2009 paper each week. Digital Bond’s SCADA Security Scientific Symposium is Jan 21-22 in Miami Beach with an advanced control system security course on Jan 20th. For more information on the event and registration check out these links:

Agenda at a Glance
See the full agenda with detailed paper descriptions
Register to [...]

Book Your S4 Hotel Room Now

A friendly reminder for those of you who don’t read the small print. The S4 Hotel guaranteed conference rate ends this Friday, the 19th.
After that, rooms will be available on an as-available basis. Of course, we will help S4 attendees in any way possible, but save yourself some trouble and make your reservation [...]

Would the CSIS Suggestions To Obama Make a Difference?

I finally had a chance to read through the Center for Strategic and International Studies [CSIS] paper on Securing Cyberspace for the 44th Presidency. This group appears to have some clout so some of the recommendations may come to pass.
Still mulling the recommendations over, but here are my early thoughts.
1. The reorganization of responsibility will [...]

S4 Preview: Leveraging Ethernet Card Vulnerabilities in Field Devices

I will be previewing one S4 2009 paper each week. Digital Bond’s SCADA Security Scientific Symposium is Jan 21-22 in Miami Beach with an advanced control system security course on Jan 20th. For more information on the event and registration check out these links:

Agenda at a Glance
See the full agenda with detailed paper descriptions
Register to [...]

Friday News and Notes

Microsoft has released a new threat modeling tool. We are huge fans of threat modeling, and it is a part of our application assessment methodology. Looking forward to trying out the tool. Just wish they would release a version of Visio for the Mac.
Another presentation on hacking Modbus-enabled devices. This time at SIFT in [...]

S4 Keynote: Dr. Ross Anderson

The Economics of Control System Security
Many of you will know Dr. Ross Anderson of the University of Cambridge from his book Security Engineering, first published in 2001 and with a 2nd edition this year.
What you may not know is Ross is one of the thought leaders around the economics of security and the psychology of [...]