
Archive for 'SCADA Architecture'

Stuxnet Panel Afterthoughts

I hope you had a chance to listen in to the Industrial Defender sponsored webinar on Tuesday. If not, click on this link to hear Patrick Miller, Eric Byres, Andrew Ginter, Mark Zanotti and myself opine on the subject.
I think the webinar had a great overview on Stuxnet from Patrick Miller and some additional detail [...]

Stuxnet Panel Discussion

On Tuesday I’ll be participating in a panel discussion / webinar on the Stuxnet worm. Industrial Defender is organizing it, and there is still time to register. I’ll post a replay link when it is available as well.
It should be an interesting discussion with Patrick Miller moderating and Eric Byres, Andrew Ginter, myself and Mark [...]

Learning from the Stuxnet/WinCC Malware

SCADA-targeted malware was inevitable and I suspect, despite the fact that it took this long to happen, that we haven’t seen the last of it. There’s a forest and trees lesson here that I hope we learn through this. Before we get too carried away on a specific vulnerability and throwing stones at software vendors, [...]

Perfect Citizen

A few thoughts on the Perfect Citizen project by NSA.
First, it is unclear what Perfect Citizen is. The news reports said the program would place sensors in the critical infrastructure to detect cyber attacks. NSA says “Perfect Citizen is purely a vulnerabilities-assessment and capabilities-development contract. This is a research and engineering effort. There is no [...]

Oracle Housekeeping

I’ve seen my fair share of Oracle databases in control systems and have been thinking more about it since working on some Bandolier Security Audit Files for a SCADA system with an Oracle component. With that in mind, here are a few bits of Oracle-related news and tips.

Oracle announced today that this quarter’s cycle includes [...]

Recovery

A common fault in control system security programs is in recovery of cyber assets. The redundancy gives a false sense of security, and the questions “can you rebuild this server” or “when was the last time you rebuilt this server” often go back to the vendor initial build or vendor assistance.
Recovery is usually harder [...]

Using KillerBee with ZigBee devices

Yesterday I received a few of the Raven ZigBee USB sticks with the KillerBee firmware loaded on them, thank you Joshua Wright. I grabbed the latest version of KillerBee and started playing around with KillerBee and the ZigBee sticks. KillerBee is an 802.15.4 exploration and exploitation framework. It was extremely easy to get running, I [...]

Emergency Remote Access Clarification / CIP

NERC has just issued the first Clarification Application Note [CAN] related to the CIP standards. The CAN process should be very helpful for owner/operators, vendors and auditors by removing some of the interpretation on what the standards mean and require. That said, the answers in a CAN may be very unpopular and in some cases [...]

Watching A Busy Patch Tuesday

Fortunately I’m not responsible for patching anything besides my MacBook, but I do keep an eye on Patch Tuesday and monitor a number of IT security blogs and podcasts. This past Tuesday included 34 vulnerabilities according to the folks at Tenable Network Security [Full Disclosure: Tenable is a partner in Digital Bond's Bandolier and Portaledge [...]

Cellular Modem Use Without Risk

Loyal blog readers know we have been talking about and tracking the increased use of cellular modems in SCADA systems. These are often accessible from the Internet, almost always accessible by other users with service from the same cellular company, and so far have always been installed in the default, insecure installation. So a recent article [...]