Managing Change to Minimize Risk in Industrial Control Systems

Recently the Aberdeen Group published a blog post hosted on Automation.com regarding the Aberdeen Group’s report titled “Operational Risk Management: Managing Change to Improve Productivity and Minimize Risk”. While the blog post does not specifically call out risk to “cyber” assets, the comparison is easy to make and an overlap of the findings becomes clearer. Also, given the complexity of today’s industrial control system environments, a lot of readers will be shaking their heads i << More >>

“Who’s Really Attacking Your ICS Equipment?” whitepaper released by TrendMicro

TrendMicro released a whitepaper by researcher Kyle Wilhoit, who also presented the “Who’s Really Attacking Your ICS Equipment?” research at the Black Hat EU 2013 conference in Amsterdam. The research presented Wilhoit’s observations of attacks on Internet-facing honeypots set up to detect who and/or what is attacking ICS/SCADA devices that are on the Internet. Wilhoit’s honeypots, a mix of high- and low-interaction honeypots, were designed to mimic the setup of a water pressure stat << More >>

NERC CIP v5 is Coming; START PREPARING NOW!

It’s official: NERC CIP version 5 (v5) is scheduled for approval in April 2013 by FERC (Federal Energy Regulatory Commission). Over the years, NERC (North American Electric Reliability Corporation) CIP (Critical Infrastructure Protection) has provided compliance regulations that stretch across the electric industry. Although NERC is a moderately young organization, the most recent version (version 4) extended its reach to additional organizations across the electric sector, including nuclear f << More >>

More NERC CIP Version 5 Details Emerge

Recently, NERC posted an Industry Webinar entitled “Version 5 CIP Standards: A Focus on ‘Correcting Deficiencies’”. Readers should take the time to quickly review the slides associated with this webinar, as the slides point out some important philosophical shifts between NERC CIP version 4 and NERC CIP version 5.

Importance of Correcting Deficiencies

Among the important updates are the following proposed values of CIP v5:

Importance of process to correct deficiencies
Greater alignment of << More >>

Black Hat Report from the Field Day Two:

Industrial Defender’s Jacob Kitchel is on the ground attending Black Hat 2012. From the Las Vegas heat he’s interpreting sessions and research that relate to automation system and industrial control system operations.

BH Session: Spanish Security Researcher has a Nose for Backdoors

Talk Title: Here Be Backdoors: A Journey into the Secrets of Industrial Firmware

As truffle hunters across Europe use pigs to sniff out truffles, Spanish Security Researcher Ruben Santamarta uses his skills to << More >>

BlackHat Report from the Field Day One:

Industrial Defender’s Jacob Kitchel is on the ground attending BlackHat 2012. From the Las Vegas heat he’s interpreting sessions and research that relate to automation system and industrial control system operations.

BH Session: GHz or Bust

Researchers demonstrate sub-GHz radio is no longer a barrier to security testing

Researchers at the annual Blackhat USA security conference in Las Vegas demonstrated that sub-GHz hardware and wireless technology, which has traditionally been unr << More >>

A Review of the Electric Subsector Cybersecurity Capability Maturity Model (ES-C2M2)

What is the ES-C2M2?

On May 31, 2012, the Electric Subsector Cybersecurity Capability Maturity Model (ES-C2M2) was released by the Department of Energy (DOE) in conjunction with the Department of Homeland Security (DHS) as a White House supported initiative. The advisory group which contributed to the initiative included representatives from industry associations, utilities, government, and over 40 subject matter experts (SMEs). The objectives of the model are to:

Strengthen cybersecurity capab << More >>

What to do about Flame malware

The biggest cyber-security-related news story this week has been about the Flame/Wiper malware. The event has gotten high-profile coverage by several media outlets (included below). So far, there have been no strong indicators that the Flame virus is tied to anything ICS or SCADA related. There has been plenty of speculation in the media coverage that Flame does target ICS environments, based on its apparent sophistication and the countries in which infected machines were detected. After reading << More >>

ICSJWG – Key Takeaways

If you attended the recent ICSJWG Spring 2012 conference, you likely attended the panel that Industrial Defender organized entitled “Key Takeaways from S4 and Project Basecamp.” Moderated by Bob Lockhart from Pike Research, the members of the panel included:

Markus Braendle, ABB
Robert McComber, Telvent/Schneider
Graham Speake, Yokogawa
Brad Hegrat, Rockwell/Allen-Bradley
Jonathan Pollet, Red Tiger Security
Jacob Kitchel, Industrial Defender

There were a lot of good questions, strong opin << More >>

ABB makes the tough, but right choice to not patch in latest advisory

On April 5, 2012, ICS-CERT issued an advisory regarding buffer overflows in the COM and ActiveX scripting interfaces to the ABB WebWare Server application, discovered by Billy Rios and Terry McCorkle. Threatpost also covered the advisory as a follow-up to previous coverage of Rios’ and McCorkle’s “100 Bugs in 100 Days” project. At first glance, it would be easy to be perplexed or outraged that a software vendor would refuse to provide a patch for a security issue. The reality is that this << More >>