Submitted by Eric Byres on Fri, 2014-01-31 16:26
Dale Peterson and I have been debating ICS security in our blog posts for over a year now. This January, we took our debate live at the S4x14 conference in Miami, Florida. While Dale refers to me as a SCADA Apologist, I believe I am more of a SCADA Realist.
Submitted by Eric Byres on Wed, 2013-01-30 13:31
As a reader of this blog you likely don’t need to be convinced that SCADA and ICS Security need to be greatly improved. There are several ways to go about accomplishing that, and I am glad that there is a healthy dialogue underway on this topic within the industrial security community. This includes the back and forth between Dale Peterson of Digital Bond and me, which continues with this article.
Submitted by Eric Byres on Wed, 2013-01-16 21:00
The SCADA Security Scientific Symposium (S4), put on by Digital Bond every year, is an event I look forward to. It brings together the leading researchers and thinkers on ICS security and is always exciting.
Submitted by Eric Byres on Thu, 2012-11-08 10:28
Who is responsible for fixing the thousands (some say 100,000) of vulnerabilities that exist in PLCs, DCS, RTUs and other automation devices that are in use in facilities around the world?
On the one hand, we have the position of Dale Peterson at Digital Bond. Dale ardently argues for (and takes) aggressive measures to pressure ICS vendors into making their products more secure. Through their 2012 Project Basecamp and subsequent disclosures, Digital Bond publicly released vulnerability details for a large number of controllers.
Submitted by Eric Byres on Fri, 2012-01-20 14:08
I am flying home from Digital Bond’s S4 SCADA Security Symposium as I write this (BTW this was a stellar event where, even as a security expert, I learnt an amazing amount). After listening to two days of excellent, but scary talks, the first thing that comes to mind is “SCADA/ICS security is in worse shape than I thought”. Much worse shape…
Submitted by Eric Byres on Thu, 2011-08-04 15:07
My optimism regarding Siemens and its approach to SCADA/ICS security has just taken another big hit. There are major security problems at Siemens and they are not close to fixing them.
I am embarrassed I gave them such high marks in my previous blogs.
Submitted by Eric Byres on Mon, 2011-06-20 09:59
Last week in his blog article, Fix the Problem, Stop Bailing out Vendors, Dale Peterson made an impassioned statement that the SCADA security community:
“needs to put all our efforts and emphasis in the PLC, RTU, controller space on getting vendors to add basic security features to their models available for sale today… We should not say or pretend that any other solution besides this is acceptable. Fix the problem!”