Unfettered Blog

ICS Cyber Security Lecture at Air Force Institute of Technology- AFIT

December 16th, I was hosted by the Center for Cyberspace Research at AFIT to deliver a lecture on ICS cyber security which appeared to be well-received. The lecture was from the perspective of the industrial community. In my view, AFIT is one of the technical leaders in defending ICSs. 

Link for Fraunhofer lecture on ICS cyber risk

December 2nd, I gave a lecture at the Fraunhofer Institute in Darmstadt, Germany on ICS cyber risk. December 9th, I gave a lecture on ICS cyber forensics. The main page for the lecture series is:http://www.ec-spride.tu-darmstadt.de/en/colloquium-industrie4.0/. The video for your first lecture is:https://openlearnware.hrz.tu-darmstadt.de/#!/resource/caveats-in-risk-assessment-in-the-context-of-cyber-attacks-2870

Iran attacking critical infrastructures-Cylance report

December 2nd, the Cylance report on OpCleaver, Iran attacking critical infrastructures was made public. Unfortunately, the organizations reponsible for protecting our critical infrastructures do not appear to be taking this threat seriously.

Presentation at International Atomic Energy Agency (IAEA)

I will be giving a presentation December 8th at IAEA in Vienna on ICS cyber security at the IAEA Technical Meeting on Computer Security Topical Area Awareness for Nuclear Facilities.

The arrogance of the US nuclear power industry - we don't want to look at everything

The Nuclear Energy Institute (NEI) has filed a rulemaking proposal with the NRC to REDUCE the number of systems and components to assess for cyber security. Given that nuclear plants are such high value targets and there are so many current malware attacks against control systems, this doesn't make any sense.

How can ICS cyber security risk be quantified and what does it mean to Aurora

There is little information on frequency of ICS cyber attacks. HAVEX and BlackEnergy have been targeting selected ICS vendor HMIs that could be used to give remote access to the attackers. Once your computer is owned there's not much the attacker can't do.

The power industry has unique technical needs in addressing cyber security - NOT!

The Convenor of IEC TC57 WG15 sent a note to ISA99 stating that the power industry organizations have additional or different security situations that are causing us to create our own security standards and guidelines. Other than for compliance reasons (NERC CIP), the power industry is NOT different than other...

Highlights from the 2014 ICS Cyber Security Conference

The highlights from the 2014 ICS Cyber Security Conference can be found at www.icscybersecurityconference.com. Conference presentations and discussions included actual ICS cyber incidents, new ICS cyber vulnerabilities, and new ICS cyber security technologies.

The Chinese truly are attacking our critical infrastructure

There have been many reports of the Chinese and others attacking our critical infrastructure.  Bob Radvanovsky from Infracritical acquired some Ruggedom switches from E-Bay and set up a network emulating a well pumping station. Within 2 hours of connecting the systems, he was being attacked primarily from China.

The agenda for next week's Conference is being finalized - new issues continue to occur

The near-final agenda is now available at www.icscybersecurityconference.com. In finalizing the agenda, one of the presenters will provide very recent results of an ICS honeypot that is being attacked from China. The Chinese were trying to take both root and administrative access to very popular substation communication devices.