
Archive for 'Uncategorized'

Just surfing the web

Typing scada as the search key in a Google news search http://news.google.com reveals that as a whole the industry (vendors, asset owners, and security players) still needs to raise the bar on security awareness and must change its mindset in a couple of key areas.
While I don’t want to become a purveyor of FUD, when […]

Major DNSSEC Deployments on the Horizon?

It looks like the DNS service for a few top level domains will be more secure in the future. Announcements, by way of Dark Reading, have been made that the .org, .uk, and .arpa domains will soon be turning on DNSSEC and joining .swe (Sweden), .br (Brazil), and .bg (Bulgaria). While DNSSEC doesn’t solve all […]

Control Systems Security Standards Efforts ROI

I’ve been involved to varying degrees with security standards efforts for way too long now, almost twenty years. Most recently with the ISA 99 Part 4 effort. For a while I was actively involved in that effort in support of a contract with Wurldtech. When Bryan Singer joined Wurldtech that did not make […]

Spot the Overflow

To give our readers a taste of what Daniel and I do most days I thought I would post a little code snippet and ask you all to find the overflow (if there is one). Any discussion on the feasibility of exploiting the overflow (again if there is one) is also appreciated.
I’ll keep this one […]

Friday News and Notes

Great blog entry from the guys at Matasano on hacking a ‘toaster’ running a VxWorks OS.
The PCSF Annual Meeting will be held on August 26 - 28 in San Diego. The call for papers/solutions is out, and an agenda and registration is forthcoming. This is our top recommendation if you can only attend one control […]

Thoughts on the “7 Dirty Secrets of the Security Industry”

Joshua Corman of IBM/ISS gave a presentation at Interop Las Vegas yesterday titled “Unsafe at any speed: 7 Dirty Secrets of the Security Industry”. Here’s the Network World report. The title alone is interesting – making a reference to automobile safety – especially considering some recent discussion about the relationship of security to reliability and […]

Friday [Sunday] News and Notes

Not much to report this week, but a couple of minor items:

The PROFIblog reports from the Hannover Messe this week about the number of sold and deployed PROFIBUS and PROFINET nodes. A lot of justified crowing there. I found it interesting how they discussed their method of counting nodes and suggesting other protocol groups reveal […]

Attack Vectors for Physical Damage on Control Systems

Jason Larsen’s presentation on SCADA and Control System hacking from Blackhat Federal 08 is now available online here. It is an interesting read.
As I have been looking at ladder logic a bit recently I wanted to add a few points.

Some software [available from the vendors] for editing and creating ladder logic allows the […]

Taum Sauk was a cyber attack?

A recent article at Washington Technology has created a bit of a stir in the SCADA security community by claiming that the Taum Sauk incident was a cyber attack against the facility’s gauges. This is contrary to reports and discussion of the incident which indicate that it was an instrumentation failure.
While possibly a simple editorial error, […]

Friday News and Notes

Cisco and OSIsoft have partnered to offer the PI server on a Cisco infrastructure system through the Application Extension Platform [AXP]. A router and PI server in one Cisco hardware box. Very cool, although I don’t think even a PI fanboy like me would call it ‘legendary’.
Innominate and their field security appliance, mGuard, have joined […]