The Economist Magazine has a 2744-word cover article on “Cyberwar”. Like most articles in this publication it is balanced and presents the issues well. They have both Richard Clarke with his alarms and Bruce Schneier calling scaremongering.
There is nothing that regular blog readers will find new, but it may be a good article to show [...]

On Tuesday Rapid7 released a new version of Metasploit. The newest release of Metasploit, version 3.4.0, added over 100 new exploit modules and over 40 new axillary modules from the 3.3 release, bringing the totals up to 551 and 261, respectively. Metasploit 3.4.0 now uses TightVNC for the VNC injection. It [...]

I’m about to touch the 3rd rail of control system security – – Joe Weiss. I can’t tell how many times at industry events, dinners, conference calls or any other gathering in the community people, a portion of the conversation turns to griping about Joe.
The catalyst for this blog entry is Joe’s recent interview [...]

John Saunders with the National Defense University has been one of the most active participants in the control system security education and workforce development area. After seeing him again working on these issues at ICSJWG I wanted to get his view on the best way forward. So we had the following email exchange reprinted with [...]

After reading Daniel’s SCADA Everywhere blog I decided to take a look on the Android marketplace. It appears there is very little control system software available for the Android platform. Of the applications I did find, there were a couple of home automation applications, a model train control application and a MODBUS/TCP appliction. [...]

Over the last few years I’ve heard more than a few of our clients joke about their “SCADA everywhere” project, with wireless capabilities, remote access from anywhere in the world, and being able control and monitor everything on their control network from home or the local coffee shop. But we’re seeing that becoming less [...]

On Monday Tenable Security released Security Center 4. The update includes a number of new features including user tracking, database activity monitoring, anomaly detection and forensics. The new release includes improved integration with the Nessus vulnerability scanner, the Log Correlation Engine and the Passive Vulnerability scanner.
The database activity monitor uses [...]

Yesterday, the Director of the NSA, Lt. Gen. Keith Alexander, now the Presidential nominee to head the new Cyber Command, stated that we should be allowed to counter cyber attacks if we can determine the attacker. Alexander mentioned the US has already responded to attacks but did not comment on the strength [...]

I want to try to coin a new term that could be very useful: Control System IT. The discussions on “Operations vs. IT” or “control systems are different than business networks and applications” are legion. And like most long running arguments there is some truth in both sides’ cases.
But if we step back from [...]

Late last week ANSI released a document called ‘The Financial Management of Cyber Risk’. A quote, located on the title page, from David Thompson accurately describes the work: “An invaluable resource for every C-level executive.” There is little technical detail in the document. The work takes statistics and statements from other [...]