
Archive for 'SCADA Protocols'

S4 Preview: Two Control System Security Protocol and Crypto Primitive Performance Papers

We are two weeks away from S4. Still time to sign up to be a physical or virtual attendee.
Digital Bond’s 4th Annual SCADA Security Scientific Symposium [S4] is being held January 20 – 21 in warm and sunny Miami Beach. S4 is a bleeding-edge research event where technical papers are presented in detail [...]

OISF Meeting and the next generation of open source IDSs

Last week I had the opportunity to attend the first public planning/brainstorming session for the DHS-seeded Open Information Security Foundation and their next generation IDS project. Lots of good discussion, with the first couple hours focusing on the foundation itself, and the rest of the day was spent discussing various features that would be [...]

Quickdraw Enip Preprocessor Example

As a follow-up to our preprocessor code release, we’re going to put together a few posts detailing the use of a few of the features provided by them.
To begin, we’ll work our way through an example with enip/cip. Let’s say that we wanted to have a log of every time that a successful “Open Connection” request [...]

Beta Release: SCADA IDS Preprocessors

We are pleased to announce the beta release of some Quickdraw software components today. Quickdraw is a Digital Bond research project funded by the US Department of Homeland Security (DHS). This beta release is the first three SCADA IDS preprocessors that were the crux of the Quickdraw project. They are:

DNP3
Ethernet Industrial Protocol (EtherNet/IP and [...]

Quickdraw Update: Preprocessors and Detection Plugins

It’s been a little while since we’ve had a Quickdraw update, and I wanted to fill everyone in on how we’re doing and the approach we’re using.

As we’ve described before, we’re basing the project on the Snort 2.8.x tree, and we could do much of the processing and alerting using only the Snort rule language [...]

OPC UA: Part 5 – Vendor Implementation Security Considerations

During our application assessment of the OPC UA SDK, it was very clear that vendors creating OPC UA clients and servers are going to make a number of choices that affect security of their offerings. All OPC UA servers will not be created equal from a security perspective.
When the fixes from our assessment are completed, [...]

IPsec Ideas Applied to Control Systems?

Or: “A Few Simple Suggestions for Improving Core Control System Security”
The core precepts of IT security are confidentiality, integrity and authentication, precepts not present in the design of most control systems, but there are some simple changes whose implementation would serve to greatly improve the security of control systems. Changes which could be readily and [...]

OPC UA: Part 4 – SDK Vulnerabilities

In the OPC UA SDK assessment, Digital Bond analyzed the OPC UA source code and binaries from the SDK. It should be noted that the source code will be unavailable to most OPC Foundation members.
As mentioned in Part 1, the overall code quality was quite good, but there were a small number of important [...]

OPC UA Part 3 Follow Up

As discussed in Part 3, mandating that an OPC UA server validate X.509 certificates prior to using them to create secure channels is essential. It is the foundation that all OPC UA security measures are built upon. Of course whenever you mention certificates and public key infrastructure [PKI] it makes people nervous. Understandably because PKI [...]

OPC UA: Part 3 – Specification Vulnerabilities

OPC UA is a complex, interleaved 12-part specification. To understand OPC UA security one has to read multiple parts of the specification, but we have provided an overview in an OPC UA SCADApedia page that continues to be developed.
The specification analysis portion of our assessment report had many findings at the Exposure, Concern and Observation [...]