CISA Hits a Home Run!

In their Water and Wastewater Systems Security Recommendations, CISA touched on a subject that I rarely ever see anywhere: Before working on security, it helps to make the automation and the process more resilient. Even more important, the automation should actively refuse certain toxic moves. Yes, CISA was recommending that all Automation be made safer. […]

SCADA Apologists?

I really wish things were as simple as Dale Peterson makes them out to be. I’m not an apologist for the security situation among industrial control systems. But if all we had to do is lift a pen and sign off a few dozen checks, the security issue would have been done and gone already. […]

SCADASEC blog website is now secure

Our web site before was not completely secured, and we used self-signing certificates as an interim measure to ensure that the site was secure. Since we are not conducting e-commerce of any kind, the need for über super-secret security wasn’t necessary. Our choice was to use a more cost-effective CA provider called ‘Comodo’. Widely used […]

Don’t overlook the most consequential control system cyber events of 2020

URL: Two of the most consequential control system cyber events (attacks) in 2020 were supply chain attacks. The first event was the Chinese installing hardware backdoors in large electric transformers, an incident that prompted Presidential Executive Order (EO) 13920. The hardware backdoors are obvious control system threats. The second event was the Russian SolarWinds […]

The SolarWinds hack can directly affect control systems

A highly sophisticated Russian Intelligence group has compromised the SolarWinds Orion platform which has an estimated 18,000 customers and an unknown but vast number of sites. The SolarWinds advisories and webinars have focused on the IT networks, network visibility, and data exfiltration/compromise. However, SolarWinds is also used to directly monitor and CONTROL SNMP devices including […]