Unfettered Blog

The fallacy of not sharing ICS incident information

This blog is not about people but organizations and the fallacy of not sharing information. I believe there are many people in industry willing to share information about ICS cyber incidents. However, in too many cases, they are not allowed to do so.

Utilities are still vulnerable and connected – case history to be presented

The week of October 1st, Project SHINE found an electric substation directly connected to the Internet. Project SHINE analysts were able to see DNP3 ports, Serial Port Server ports, Telnet interface ports, and a web page server. As of the week of October 7th, the substation device was disconnected.

Utility assets continue to be cyber vulnerable and critical information publicly accessible

Project SHINE recently found an electric substation directly connected to the Internet. Project SHINE analysts were able to see DNP3 ports, Serial Port Server ports, Telnet interface ports, and a web page server. They discovered this via search engines without even accessing the site itself.

Vendor patching and older systems

While discussing the recent turbine loss of control issue, I was reminded of a software version issue that I first encountered during Y2K. That is the issue of how long vendors will support older versions of software.

Draft agenda for October ICS Cyber Security Conference is now available

The draft agenda for the October ICS Cyber Security Conference is now available at www.icscybersecurityconference.com. As events continue to unfold, the agenda will be modified accordingly.  A new session is being added to address the recent loss of turbine control incident that will be led by the utility.  If you...

Security patches can impact reliability and safety and people aren’t aware!

Five months ago, the utility hosting the ICS cyber security test bed met with one of their major ICS vendors.  Some of the security patches actually impacted the reliability of the ICS and the overall system.

AURORA and Its Effects on Cybersecurity: Too Early to Pass Final Judgment

Since the original AURORA test bed at Idaho Labs in 2007, much has been said about the merits of the test conducted, and many conjectures concerning its validity have been made. It is important to remember that AURORA is not an isolated case that exists outside the cybersecurity framework. To...

Stanford University presentation on cyber security of industrial control systems

On October 12, 2011, I gave an invited presentation on cyber security of industrial control systems to a graduate electrical engineering colloquium at Stanford - http://www.youtube.com/watch?v=S3Yyv53dZ5A.

Latest Aurora information – this affects ANY electric utility customer with 3-phase rotating electric equipment!

There have been numerous discussions about cyber risk within NERC, the utilities, and ICS equipment suppliers. Aurora is an unresolved risk that could have significant impact on the utilities, suppliers of relay protection devices, and utility customers with 3-phase rotating equipment.

What is Operations Technology (OT) and why is it important to secure ICSs

There are starting to be more discussions about the need for integration between Information Technology (IT) and Operations Technology (OT) to secure ICSs. From my experience, I have found very few effective OT managers. I believe an effective OT manager must be very familiar with ICSs and their constraints and...