3rd Party Project Basecamp Participation

After reading Digital Bond’s Friday News and Notes, it appears there are more Project Basecamp results! The Digital Security Research Group decided to show support by publishing some research the group had performed on the WAGO PLC 750: the DSecRG researchers decided to support the project with their independent research and added the 750 series WAGO controller to the list. They have also published a variety of 0-day vulnerabilities for this controller and for the SCADA systems of wellintech KingSCAD << More >>

Living in a Post-Basecamp world: 3 Takeaways from Project Basecamp

Hopefully the hysteria is over, but if you’re still catching your breath – that’s alright, too. Last week in Miami, Digital Bond’s S4 Conference presented the efforts of several security researchers (including myself) at finding vulnerabilities in Programmable Logic Controllers, in the form of Project Basecamp. Press coverage of the conference came from 60 Minutes, The Washington Post, Wired, and Threatpost. Participating in Project Basecamp was an interesting experience. The r << More >>

A Big Week

This has been a rewarding week here at Industrial Defender. In many ways, it’s the culmination of nearly a decade of thought leadership and innovation in the industrial control systems market. From SCADA control to security, compliance and now change management, this company has a decade-long commitment to meeting the evolving needs of our market. So, I felt great pride and satisfaction when Pike Research this week ranked Industrial Defender #1 in Smart Grid security. Our dedication to ad << More >>

S4 Conference – Day 2

As promised in my last post, here are some of the highlights from the Day 2 presentations at S4. For additional information regarding all of the talks, feel free to refer to the agenda posted at http://www.digitalbond.com/s4/.

Reid Wightman, Ruben Santamarta, Dillon Beresford, Jacob Kitchel, and 2 anonymous (not those guys) researchers: Project Basecamp

Project Basecamp was inspired by comments from people in the ICS industry who said that everybody already knows that PLCs are very insecure. << More >>

Digital Bond’s S4 Conference, Day 1

Today is day one of the S4 2012 conference. Below are some of the highlights of the talks given during day one. On a side note, a piece of schwag given out to attendees is Ralph Langner’s book, “Robust Control System Networks: How to Achieve Reliable Control After Stuxnet”. I have not personally read it yet, but I’ve been told that although it’s light in physical weight, it’s heavy in useful content.

Darren Highfill, Utilisec: The Witch Doctor v. The Engineer – Why Believe Either O << More >>

HMI Hacking Training at Digital Bond’s S4

In the last year and a half, software vendors in critical infrastructure have experienced high-visibility (link: http://aluigi.altervista.org/adv.htm), wide-scale disclosure (link: http://www.digitalbond.com/2011/10/10/665-scada-bugs-presentation-from-derbycon/) of vulnerabilities. If you followed those disclosures, you know the names Luigi Auriemma, Billy Rios, and Terry McCorkle. Once you get over the massive number of vulnerabilities found by Rios and McCorkle in their “100 Bugs in 100 Day << More >>

Time for a Unified Approach to Security, Compliance and Change Management

For ICS and automation system professionals, there’s a new, must-read report from Pike Research, the clean tech market research people. Convergence in Automation Systems Protection was written by Pike senior analyst and cyber security expert, Bob Lockhart. It looks at the changing dynamics in the automation systems market, including technology, regulatory and business trends. The report details how these factors are reshaping the needs and requirements of organizations with major automation sy << More >>

The balancing act: Operations, Security, and Compliance

On December 14, 2011 Industrial Defender posted results of a global survey of ICS professionals. Lots of great data points, but ultimately what does it mean? I think it clearly points to a shifting of the tide: both ICS and IT professionals are feeling similar burdens, which can simply be characterized as “do more with less.” Not that this is a big secret, but the last few years have put quite a strain on companies globally, not just here in the US. Looking at the Bureau of Labor << More >>

SEC “materiality”, ICS, and You

On October 13, 2011, the SEC issued CF Disclosure Guidance: Topic No. 2. This guidance “provides the Division of Corporation Finance’s views regarding disclosure obligations relating to cyber security risks and cyber incidents.” As a Washington Post article emphasizes, “The SEC guidance is critical because it allows market participants to weigh cybersecurity as an investment factor.” The article goes on to state: “Businesses will now have to consider, among other things, what const << More >>

Smart Grid, How did we get here?

Smart Grid and Advanced Metering Infrastructure technologies have been publicized in recent years as having the capability to “modernize” the power grid. In fact, some stories would have you believe that the Smart Grid is more beneficial than the wheel. Even with the perceived benefits of the Smart Grid, these emerging technologies will introduce new vulnerabilities with potentially significant ramifications for reliability and security. However, before we tackle the security of the Smart << More >>