The newly appointed “Cyber Security Czar”, Howard Schmidt recently noted that he considers smart phones and such devices one of the largest areas of concern for cyber security. Saying “What they’ve been attacking on the desktop they’ll starting attacking in our mobile devices as they become more like PCs in our pockets. We can’t wait [...]

When stories about Internet based attacks on control systems, like the 60 Minutes story, appear on sites like Slashdot, most people question the need to attach the control network to  another network.  In my previous position at a National Laboratory, I have seen proper network segregation implemented successfully, though at times it can be a [...]

Recent news notes that the first iPhone worm is making the rounds. It takes advantage of default passwords in jailbroke iPhones. The hack was first demonstrated as a “Riuckroll” joke exploit and dubbed the ikee worm, but wily hackers have used the initial prank worm to engineer a worm that collects data and downloads user [...]

I’m out at the OSIsoft T&D Users Group in Portland this week. Transpara, one of the OSIsoft partners, is showing PI displays sent to Blackberries, iPhones and other mobile devices. People were walking up with their phones and getting demo’s right on their phones. Essentially you navigate to a web page on a web server [...]

For those who were counting on war dialing being hacker passé, you may want to think again. A new tool (WarVOX) was made public this week that, using VOIP services, is able to scan a 10,000 number exchange in eight hours or less. It might be time to check those modem lines for “emergency” support [...]

Pacific Gas & Electric (PG&E) has a Request For Information (RFI) out for:
“a Gatekeeper system of hardware and software to provide secure remote access to the devices attached to its packet-routed Operations Data Network”
We have tried to identify and send the RFI to potential solutions but there is always a chance there is some hot, [...]

A reader question – -
A client has asked to implement KVM over IP as the remote access solution to RTU in the field. I have been trying to find information if the industry approves or disapproves this.
Cheers, Jamie
The main security issue is the IP connectivity, not the KVM itself. It extends the routable network perimeter, [...]

I will highlight one of the ten presentations in the Critical Infrastructure track of the InfraGard National Conference each week. I’ve challenged the industry to come up with some new and exciting ideas and information. The Conference is in Washington D.C. , August 9 to 11.
New, Leading (Bleeding?) Edge Control System Security Products
Control system networks [...]

You always learn from your students, and today is no exception.
Problem: SCADA Administrators need rare, but emergency, remote access to the trusted SCADA network to solve problems that affect operation. Ideally, the laptop PC they use for this remote access would be dedicated to the SCADA network. It would never be used to access the [...]

A few new dial-up modem security products were out on the Distributech exhibit floor. In general, we worry more about authentication, to prevent an attacker from gaining access, than encryption, to prevent an attack from eavesdropping or inserting data, into a dial-up connection.
What a surprise to see Thales e-Security at the show. I worked with [...]