Archive for 'SANS'
CNN–DHS Tape Fallout / SANS Hype Machine
I’ve been a bit surprised at the reaction to the excerpt of the DHS tape showing a demonstration of cyber attack on a power plant. The reaction from the press and those not in what I often call the “community” in this blog is an expected combination of shock and wonder at how this is [...]
Author: Dale Peterson
Posted: October 2nd, 2007 under DHS, SANS.
Comments: 4
Two Hot Pieces of Threat News
Item 1 - Pennsylvania Water Hack
I’m sure most of you have seen this since emails are flying around, but just in case, ABC News has a story on a hack of a water control system in Pennsylvania in October.
A couple of quick points:
This is a standard IT attack and the exploit was just trying to [...]
Author: Dale Peterson
Posted: November 1st, 2006 under Calculating Risk, SANS.
Comments: none
SANS Attack
I tried to let this one pass, but failed … From today’s opening paragraph in the SANS newsbite:
SCADA security issues are no longer theoretical. At the SCADA Security Summit last week, asset owners spoke publicly (for the first time) about actual security breaches in water treatment plants and power distribution systems. It is time for [...]
Author: Dale Peterson
Posted: October 7th, 2006 under NERC CIP, SANS.
Comments: 7
SANS SCADA Summit Overview
So last time I blogged about the first day with the intermediate class put on by INL (SANS). The next two days were a little different than other security conferences I’ve attended. The first day consisted of about 50 people in each intro or intermediate class and the second, by the looks had about 200+.
The first [...]
Author: Landon Lewis
Posted: October 2nd, 2006 under SANS.
Comments: none
INL Disclosure Comment At SANS
Digital Bond got slammed at the SANS Summit by Jason Larsen of INL as an example of consultant/researchers trying to make PR on vulnerabilities they discover during client assessments to “raise the price of their services”. This was not the thrust of the talk and a minor comment, but still warrants a response.
Digital Bond is [...]
Author: Dale Peterson
Posted: September 29th, 2006 under SANS, Vulnerability Disclosure.
Comments: none
SANS SCADA Summit
I’m attending the SANS SCADA Summit for the next three days. Today was the introductory course offered for free by the DoE and DHS. I opted for the intermediate course as I’ve had some moderate SCADA network exposure in the past.
Today was like the intro to most training or hands-on conferences I’ve attended. INL put [...]
Author: Landon Lewis
Posted: September 28th, 2006 under SANS.
Comments: 3
SANS Ahead of the Curve or Alarmist?
SANS started getting involved with SCADA Security at their first SCADA Security Summit (which I have detailed liveblogging of in the March 06 archive). This has followed with a number of webcasts and plans for a second Summit planned for Sept 28-30 in Las Vegas.
Yesterday many readers sent me the latest SANS newsbyte that [...]
Author: Dale Peterson
Posted: May 27th, 2006 under Calculating Risk, SANS.
Comments: 16
Liveblogging: SANS Summit Day 2
Day 2
Power Panel
Robert Hill gave an overview of the labs’ role and specifically INL programs. Nothing new here, but useful for newcomers.
Paul Skare, Siemens - interesting and noted by Alan that Areva and ABB were not part of the event - was up next. Siemens has their own S-CERT. Can’t find it on their site. Q&A [...]
Author: Dale Peterson
Posted: March 3rd, 2006 under SANS.
Comments: none
SCADA Summit Format and Impact
The Good
- The INL training courses are the highlight of this event. They are well attended and generally very well received. Some people new to SCADA and from the IT Security side of the shop are attending because they know SANS. This is a USG/INL success story and maybe a model. The price to the [...]
Author: Dale Peterson
Posted: March 3rd, 2006 under SANS.
Comments: 1
Liveblogging: SANS Security Summit Day 1
Morning Keynote Panel
The SANS Security summit kicked off bright and early with about 200 people in attendance at Tom Donahue, CIA’s keynote. Interesting comment paraphrased, not clear that terrorists are interested in cyber attacks on critical infrastructure because they don’t have the dramatic display that impresses the terrorists’ constituency. Terrorists have focused more on dramatic [...]
Author: Dale Peterson
Posted: March 2nd, 2006 under SANS.
Comments: 4