Digital Bond
Site Moved … Go To Dale-Peterson.com
We are no longer updating the digitalbond.com site. All new content is being loaded on dale-peterson.com. So head over there for the latest videos, podcasts and blogs. We will retain this site for a while and then point digitalbond.com to dale-peterson.com
Unsolicited Response Podcast: Dan Geer Interview
I had the pleasure of interviewing Dan Geer on the S4x18 Main Stage for 30 minutes. He typically speaks from prepared papers, so an interview is a bit unique, and his papers provided plenty of topics and questions. http://traffic.libsyn.com/unsolicitedresponse/Dan_Geer_Interview.mp3 We covered a wide range of issues including: Risk: The impact of c...
Site Update Coming Feb 1st
S4x18 was a big success, in my eyes, and a huge amount of work. A major web site update planned for December 1st shifted to January 1st and then post S4. We will have the new site up on January 31st. This is why you are not seeing new articles here, but I'd encourage you […]
Unsolicited Response Podcast: Interview with Steve Bitar and 10-minute Rant
This episode begins with a 10 minute monologue from Dale Peterson on why demonstrations of insecure by design, no SDL and modifying physical processes is not particularly interesting for the advanced ICS security audience … and why it is still important. Then we play Dale Peterson's interview with Steve Bitar of ExxonMobil on the Open Process...
The ICS Security Stories We Tell And Love
We, the ICS community, have some mantras: It will take decades to fix the ICS security problem Operations Technology (OT) is different than Information Technology (IT) You can't do X, Y or Z in ICS because … which is followed by a variety of reasons such as the system can't go down, we can't introduce […]
Unsolicited Response Podcast with Rob Lee
Dale Peterson interviews Rob Lee, founder and CEO of Dragos – SANS 515 Creator – former SCADA Diva – Chief FUD Debunker – …, focusing on how an asset owner should select an advanced IDS detection solution from a crowded market of 25+ new offerings. http://traffic.libsyn.com/unsolicitedresponse/rob-lee.mp3 Here is a bre...
Unsolicited Response Podcast with Joel Langill
Joel Langill, aka the SCADAHacker, joined me on the Unsolicited Response podcast to discuss ICSsec training and workforce development. Joel is the Director of ICS Cybersecurity at AECOM, see http://www.aecom.com/solutions/converged-resilience/. He also runs the popular ICS security website https://scadahacker.com/ , and details on the training he d...
Unsolicited Response Podcast Is Back … With John Matherly of Shodan
Rebooting the Unsolicited Response Podcast was one of my 2017 goals, and I didn't want it to be one and done. So I recorded a number of them before issuing this first episode so you can expect at least one a month. (Episode 2 is with Joel Langill, aka SCADAhacker). If you have any suggestions […]
Insanely Crowded ICS Anomaly Detection Market
Goal: Help Owner/Operators select the best anomaly detection solution for their ICS. It sounds simple, but after getting numerous demos and pitches from vendors, the almost unanimous contention from each vendor was that their solution was the best. Why? Because they go deeper, understand the protocol, system or user better than the competition, who...
Evaluating ICS Anomaly Detection Solutions
It's not getting better, and the number of vendors offering ICS anomaly detection solutions continues to grow in numbers and angel/venture funding. How is an asset owner to determine what anomaly detection approach, if any, is right for them? The first decision points are simple: Are you ready for ICS anomaly detection? If your ICS […]
RSA Conference Report
ICS Industry Pioneer and Expert Eric Byres of ICS-Secure reports on the RSA Conference last week. I just returned from the RSA Conference 2017 in San Francisco, after a five year hiatus. If you are not familiar with the RSA Conferences, they are one of the largest cyber security events in the world, with a reported 40,000 […]
Attack On Ukraine Power Grid Added To S4x17 Agenda
Learn More and Register For S4x17, Jan 10-12 in Miami South Beach We have learned in recent years to leave a slot or two for late breaking attacks on ICS or hot research in the S4 agenda. Ukraine has helped fill this spot now for the second year in a row. We know that something […]
Secure ICS Protocols at S4
2016 was a turning point with secure ICS protocols. For a while it was limited primarily to OPC UA and DNP3 SA, but 2016 brought us a secure version of CIP / Ethernet/IP, Secure Modbus and a couple of others that will soon be unveiled. This should be enough critical mass to force the other protocol […]
More S4 CTF Tips and Info
Register for S4x17 now! Ticket Block 151 – 200 on sale now for $1,395. First – Reid provided me with the official Killer Robots, Inc logo. Second – My thoughts on who should consider participating in the S4 ICS CTF. A person with hacking skills, but little experience in ICS. The flags will give you […]
Ransomware Hitting ICS
There are two sessions at S4x17, Jan 10-12 in Miami South Beach, covering actual ransomware incidents in ICS. Marcelo Branquinho of TI Safe will go over two case studies that occurred in South America on the Main Stage, and RSA will discuss an ICS ransomware case in the US that also involved the FBI. All […]
Developing Next Generation of ICS Security Talent
We wanted to do it at S4x16, but couldn't get it done. It's going to happen at S4x17. A South Florida High School Class will go through two days of hands on automation and security training with Matthew Luallen and the CybatiWorks kit, and then 12 of the students and their teacher will come to the […]
Killer Robots, Inc. at S4xCTF
OSIsoft is back again as a S4xCTF sponsor, and they are bringing back Killer Robots, Inc. with new and unsolved flags from last year. Enter Harry Paul of OSIsoft to give you some information and hints to help you get some of the PI System related flags in the S4x17 CTF. The S4x17 Killer Robots […]
Great Content on Sponsor Stage at S4x17
See the S4x17 Agenda and Register Now We had a number of sponsors at S4x16 complain that few of the 300 attendees came to their talk, although a few were standing room only. So this year we were blunt, your sponsor session is competing against quality content on the Main Stage and Stage 2: Technical Deep […]
What Do You Want To Ask Justine Bone of MedSec?
Submit and Vote on Questions for Justine Bone of MedSec I am pleased to announce that Justine Bone of MedSec agreed to an interview on the Main Stage at S4x17. Vulnerability disclosure is and has been a contentious topic in ICS. I generally don't write much about it because the person or organization that finds […]
How Deep Is Your ICS Deep Packet Inspection (DPI)
Check out the S4x17 Agenda At A Glance and Register Now The industrial firewall and ICS anomaly detection markets are getting very crowded. The industrial firewall market is older, but it is still expanding both in specialized ICS firewalls and enterprise firewalls adding ICS protocol support. The ICS anomaly detection market has exploded with a ne...
Serial Killers: Ethernet/Serial Gateways Exposed
One of the nastiest aspects of the attack on the Ukrainian Electric Distribution System was bricking the Moxa Ethernet-to-Serial gateways. Industry insiders have known these little devices were a security problem. Reid goes over the timeline when it was disclosed to Moxa prior to Ukraine, their public promise to fix it by August 2016, and […]
Reid Wightman Starts New Company: RevICS
After two years establishing and running Digital Bond Labs, Reid and I have decided that it makes more sense to run this as a stand alone business. So I have the honor to be the first to announce and congratulate Reid on his new company: RevICS. In all candor I've been surprised that the synergies […]
The Ghost of S4 CTF Past
We have been preparing some new and interesting challenges for the S4 CTF this year, and I think that players will have a lot of fun with what we have in the works. We have a number of nice challenges that involve breaking and entering into our ‘Killer Robot Factory’ (players from last year’s CTF […]
S4 Video: Attacking The Plant Through WirelessHART
There are two weeks left to submit your session proposal for the S4x17 Main Stage or Stage 2: Technical Deep Dives. Take a look at the Call For Presentations and submit this month. Subscribe to The S4 Events YouTube Channel This S4xVideo is a great example of what we try to do on Stage 2. Jalal […]
Why Invest In Complexity (Toecker)
This guest post is by Michael Toecker of Context Industrial Security and a Digital Bond Alumnus. It first appeared on the SCADASEC list. I thought it was great, and Michael kindly allowed us to post it here. The world isn't about just the process anymore, it's not just about moving water from A to B, or […]
DNS Slides and Tools Release
Way back at S4xJapan, 2015, Labs did a small research project on DNS domain squatting. We never thought that it would amount to much in terms of press, but did think that would be a useful talk to spur vendors into action before it was too late. Already we have discovered some very popular […]
S4x17 Call For Presentations
Today through August 31st the S4x17 Call For Presentations is open. It is the place to present advanced topics in ICS and related fields to an audience that will get it. The process is real simple. Send an email with 2 or 3 paragraphs on your session idea to s4@digitalbond.com. We evaluate session proposals as they […]
S4 Classic Video: Langner’s Stuxnet Deep Dive
Tomorrow we will be officially opening the S4x17 Call For Presentations (CFP), so I thought it would be the perfect time to highlight one of the S4 Classics to show what a S4 Technical Deep Dive looks like. Watch how Ralph goes through the code/logic in detail so you can see the key features of Stuxnet, […]
S4x16 Video: Langner’s Critical Penetration Analysis in Nuclear Power
A great 22 minute presentation by Ralph Langner of The Langner Group at S4x16. He provides some very specific examples of a cyber / physical attack on nuclear power plants. For example, a cyber attack on all of the feedwater systems. What is the key to this type of attack? Studying the design plans, particularly […]
S4xEurope Video: IRONGATE – Technical Deep Dive
We decided to put the IRONGATE video from last week's S4xEurope out first. There is no new big reveal over the information put out in the FireEye article, but Rob provides a lot of context that makes it easier to understand. He also focuses on unanswered questions and a comparison to Stuxnet. If this is […]
S4x16 Keynote Video – General Michael Hayden
General Hayden gave the Day 1 Keynote at S4x16 and really brought it. He had strong and often controversial opinions that were well defended. He pointed out where he disagreed with President Obama, FBI Director Comey and most of Europe. Check it out below or on our new S4 Events YouTube Channel. Viewing Notes: After a bit […]
Why IRONGATE Is A Big ICS Security Story
We were thrilled to add a session by Rob Caldwell / FireEye to next week's S4xEurope agenda when we learned in April about the ICS malware they have named IRONGATE. This is the second biggest ICSsec story of the year to date, albeit a distant second from the Ukrainian Power Utility hack. FireEye published some technical info on […]
S4x16 Video: Billy Rios … Infusion Pump Teardown
Billy Rios of Whitescope gives a classic S4 Technical Deep Dive on a medical device called an Infusion Pump at S4x16 in Miami South Beach. He opens them up, shows the hardware, connections between boards, attack paths, default credentials, rogue firmware upload and more. Billy goes over three different infusion pumps. 3:00 Hospira PCA 14:40 […...
S4x16 Video: Interview with Marty Edwards, Director of ICS-CERT
I had the chance to interview Marty Edwards who leads the ICS cyber security effort at the US Department of Homeland Security (DHS). The first 6 minutes introduce Marty and clarify what ICS-CERT does (it's much more than a CERT). 6:50: What are ICS-CERT's goals / metrics / measures of success? 9:05: What is the […]