Best Ways to Effectively Implement Change Management in ICS

ICS are the operational systems we rely upon to provide everyday essentials such as power, natural gas and water. When these systems are working flawlessly, operators have little reason to alter them or make innovative changes. Embarking on monumental changes is a huge undertaking for these control systems, most of which are very large and critical to normal functionality for the general public. However, the time has come to upgrade and/or replace these aging, out …

RuggedCom SSL Vulnerability Mitigations – Are PCN Best Practice Architectures the Safe Bet?

ICS-CERT recently issued a warning on SSL key management: private keys stored in the operating system allow an attacker to decrypt communications to the RuggedCom device. Which Devices Might be Affected? The reported vulnerability is in ROS SSL, which means that only web management of Rugged’s switches and some other small devices such as terminal servers might be affected by the vulnerability. What does the Vulnerability Mean? A hard-coded private key means that every device running R …

ICSJWG – Key Takeaways

If you attended the recent ICSJWG Spring 2012 conference, you likely attended the panel that Industrial Defender organized entitled “Key Takeaways from S4 and Project Basecamp.” Moderated by Bob Lockhart from Pike Research, the members of the panel included: Markus Braendle, ABB; Robert McComber, Telvent/Schneider; Graham Speake, Yokogawa; Brad Hegrat, Rockwell/Allen-Bradley; Jonathan Pollet, Red Tiger Security; Jacob Kitchel, Industrial Defender. There were a lot of good questions, strong opin …

After Thoughts on ICSJWG

As you may know, Industrial Defender spent the last few days down in sunny Savannah, Georgia at the Industrial Control Systems Joint Working Group Spring Conference. For your reference, the Department of Homeland Security established the ICSJWG to facilitate information sharing and reduce the risk to the nation’s industrial control systems. At this conference, Industrial Defender organized and participated in a panel session entitled Key Take-Aways from S4 and Project Basecamp. This sessio …

Network Anomaly Detection Underappreciated

Industrial Defender field personnel almost never see enterprise-class anomaly detection products deployed on industrial networks, yet we see anomaly detection techniques used routinely. In the course of doing the work for my anomaly detection presentation at the ICSJWG Spring Conference, it became clear that our customers appreciate the ability to see and understand their network communications patterns every bit as much as they appreciate seeing alerts when communications patterns change. The s …

ICSJWG 2010 Spring Conference

Highlights of the spring conference: The plant security working group of the WIB International Instrument User’s Association (www.wib.nl) has published a report, “M 2784 X10”, entitled “Process Control Domain – Security Requirements for Vendors”. Shell was a driving force behind this standard, which is available for download here (note: WIB permission is needed to redistribute). Shell is starting to require their vendors to certify against M-2784 and Wurldtech is putting t …