Blog

ICS-CERT continues to reach out to the vendor community to bring awareness of the OpenSSL vulnerability (CVE-2014-0160). Because OpenSSL may be used as a third-party component, ICS-CERT advises asset owners, operators, and SCADA software developers to investigate the use of the affected versions of OpenSSL in their environments.

Read more

The Forever Control Systems Technology Dilemma

Technologists who care about control system security are always in two worlds of dilemma.

Read more

ASM 5.6 adds a whole new level of interoperability with the security technologies that have been deployed to address vulnerabilities in control systems. ASM now collects data from a wide range of best-in-breed security technologies to provide the highest level of situational awareness for industrial control systems. Customers assert that using ASM has saved them 80% of the time it takes to identify, analyze, and report on their ICS cybersecurity and compliance activities.

Read more

After nearly 12-years of passion, perseverance, commitment and most importantly TEAM-WORK, today marks a monumental day in the company’s history with the announcement that we have reached an agreement to be acquired by Lockheed Martin. Read the press release.

Read more

Executive Summary

It has been 16 years since Presidential Directive 63 (PDD-63) was released. The directive broadened the definition of critical infrastructure and defined what systems were “essential to the minimum operations of the economy and government”, and ultimately called for public-private partnerships to “swiftly eliminate any significant vulnerability to both physical and cyber-attacks on our critical infrastructures”. PDD-63 eventually led to the creation of the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) program.

Read more

In case you missed the news, ASM was recently certified on Schneider Electric’s OASyS SCADA platform and the Oil & Gas application suite. We officially partnered with Schneider back in late-2012 and have had numerous successful joint deployments. The certification is timely considering the uptick in cyber threats against control systems. I’m not talking about Stuxnet and Duqu from a few years back. Those were a big deal, but they were really the outliers as ‘nation-state’ sponsored activities. The more recent Target breach has been traced back to access credentials stolen from a refrigeration and HVAC system contractor in Sharpsburg, Penn. Then there is the case of Google’s Australian headquarters building being hacked led by a former employee just to prove out a flaw in their system.

Read more

Introduction

Industrial Control systems (ICS) and Operational Technologies (OT) has seen their share of buzz words and trends associated with them over the years. Surprisingly the latest buzz word “Internet of Things” has been escaping any association with control systems, and has got little attention in the core ICS world.

Read more

This is a post in a series of blogs about adapting Continuous Delivery concepts and tools to Industrial Control Systems environments.

Read more

Wall Street Journal ran a detailed story on the sniper attack at Pacific Gas & Electric's (PG&E) Metcalf transmission substation today. The attack details are fascinating. Snipers surgically eliminated pieces of equipment designed to do maximum damage. PG&E was able to route power to avoid blackout, but if it were a warm September afternoon as opposed to a mid-April night, it would have been a different story.

Read more