Archive for the "Critical Infrastructure" Category

Sort by:

Back to the Future?

A friend and I were discussing some new security features in a well known brand of Programmable Logic Controller (PLC). The features are almost exactly what most IT security experts have been demanding for years. Unfortunately, they are also very complex, arcane, and difficult for a typical engineer to want to mess with. If it […]

The Need for Control System Cyber Forensics

There is a perception that control systems, including field devices, have cyber forensic capabilities similar to those of IT systems. That perception is wrong. A control system generally has a Microsoft front-end human-machine interface (HMI) that shou…

Observations of Joe Weiss’ ACS Conference

Although I was invited to attend one of Joe’s social gatherings several years ago, I have never attended any of his conferences, until this past week.  Despite the fact that critics of Mr. Weiss have stated that he is self-serving, contrary to popular belief, he is not.  Joe encourages people to meet, network and discuss […]

Remembering the 10th Anniversary of 9/11

Instead of providing a prayer for the those lives lost during and after 9/11, I wanted to take this time to instead do a retro-introspective look at something that most people don’t really think about: ourselves. One of the discussions recently brought up during a newscast on Saturday (9/10) was asking people: “What did you […]

Project “NINJA”

Codenamed “NINJA”, is an acronym meaning “Network INtelligence Joint Analysis“. The idea or notion behind this project is to provide a method by which to test, evaluate and enumerate serial and/or network connected SCADA and control systems devices. This project makes use of Fyodor’s Network Mapper (NMAP) utility, and all scripts written and provided by/through […]

The Great Control System Failure?

  I have taken a bit of vacation away from comment and analysis of various aspects of critical infrastructure.  This is a good thing as you can become stale, stilted, and loses objectivity on a topic.  It is the objectivity issue that was just brought home in a blinding flash, quite literally. As you probably […]

Thoughts about a government-controlled ‘infrastructure Internet’…

If I may make a comment about this very topic… Let me see if any of these items are true (I may not have ALL items listed, so don’t crucify me): (1) Communications (both data and voice) has gone to the Internet; private communications connections now exist thru VPN connections. (2) Private communications used to […]

Has the U.S. lost its way with “critical infrastructures”?

One might think so these days, as the focus tends to be “cyber related”. The term “cyber” (alternatively called a “cyber system”) is a nebulous term used to describe any computational electronic device. This is a very *wide* definition in that it describes information technology (IT) systems, control systems (SCADA, RTU, DCS, PLC, etc.), and […]

What No Security Standard Addresses

In Dale Peterson’s recent blog, he notes that FISMA/NIST 800 aren’t very effective. It got me thinking what good these standards actually do here in the US, and in Britan (where they’ve had the CPNI standards for a while). I am beginning to get the feeling that this effort is very much like those notorious […]

Communication Fundementals

Communication Networks are imprecise things at best. For thousands of years all creatures have been trying to communicate all kinds of information. Some species do it very well and man has yet to understand how it is done. Consider a flock of birds that appear to move as one, left, right, up, down, taking off, […]