Blogs

Listen up Cyber-folks

Congressman James Langevin, (D) Rhode Island, keynotes the ACS Cybersecurity Conference: ...

Is there a SCADA link in the Terry Childs incident in San Francisco?

San Francisco and SCADA: Jake Brodsky brought up the following, "Do management and law enforcement types have any clue as to how one might regain control of a SCADA system after a rogue employee has secured everyone out of it?" I had planned on saying something at the Conference next...

Cyber Security isn’t just about terrorism

Computer engineer Terry Childs, 43, is being held on $US5 million ($5.1 million) bail after refusing to hand over the password to San Francisco's FibreWAN system. The network handles up to 60 per cent of the city's government data such as emails, employee financial details, police documents and jail records.

Some Competition for the Tofino Device?

I've been interested in "edge device protection" for about six or seven years now, ever since Eric Byres showed me the need for something that eventually became his Tofino Device (now available from MTL).

Is there a difference? You be the judge.

Walt Boyes here, stealing Joe's bully pulpit for a moment. MU Security just sent me a press release, quoted below. I submit there is a difference between what this release describes and the infamous Core/Citect incident. And I further submit that the difference is NOT Citect's absolutely abysmal response.

Where ARE the experts?

Where are the experts? Several weeks ago, a conference was held by the Brookings Institute and Google on plug-in electric vehicles. In addition to the topic of plug-in vehicles, there was a discussion on cyber security of the electric grid by some very important industry, media, and government individuals.

What ARE the vendors really building?

The major control system suppliers are claiming they provide tested secure DCS and SCADA systems. To my knowledge, at least four major control system suppliers, in this case 3 DCS and one SCADA, are providing less security than advertised.

For the record, Citect responds to Core

From the press release, verbatim (cross-posted from "Unfettered"):  Citect reassures its customers on the security of their SCADA networks Sydney, Australia [June 12, 2008] – Citect has moved to reassure its SCADA customers they are extremely unlikely to be at risk from potential security breaches found by Core Security Technologies...

For the record: Citect responds to charges by Core

From the press release, verbatim: Citect reassures its customers on the security of their SCADA networks Sydney, Australia [June 12, 2008] – Citect has moved to reassure its SCADA customers they are extremely unlikely to be at risk from potential security breaches found by Core Security Technologies in Windows-based control...

Core Technologies outs Citect to Associated Press-- is this ethical?

Core Technologies "reported exclusively" to the Associated Press about a buffer overflow vulnerability they found in CitectSCADA. The flaw is repaired, although, once again, Core insists that it was "five months" before Citect responded to their notification.