-
Tuesday, June 02, 2009
Achilles Helps Make The Smart Grid Safe & Secure
We’re excited to announce the latest feature enhancement to our award-winning network testing platform – Achilles. In an effort to help improve the security and robustness of emerging industrial wireless and smart grid infrastructure, we have expanded the testing capabilities of the Achilles Satellite to allow manufacturers of wireless networked devices communicating over IEEE 802.15.4 to identify cyber vulnerabilities before deploying them into our critical electric power infrastructures.
Read full story
-
Tuesday, May 19, 2009
Wurldtech Announces Achilles Certified OPC
We’re excited to announce the next phase in our Achilles certification program with an agreement with MatrikonOPC to create the worlds first security certified industrial connectivity infrastructure.
With all the attention lately in the media surrounding cyber terrorism and the vulnerabilities found on the networks that control and manage global critical services such as power, energy, transportation and telecommunications, the need for more practical, data-driven solutions has never been so great. This announcement highlights the continued expansion and growth of our internationally-recognized certification program and further solidifies the “Achilles Certified” brand as the defacto standard for communicating industrial control infrastructure ...
Read full story
-
Monday, December 15, 2008
The Answer – One More Than You Have
I attended the West Coast Security Forum (WCSF) during the first week of December and I must share with you a major advancement in my understanding of layered defense strategies. I have attended many conferences and I am always looking for that nugget of truth that I can walk away with and apply to my work. Well, the WCSF did not let me down. From an anonymous voice in the crowd I heard that sage advice that we all seek. I asked the audience when using a layered defense strategy, how many layers of defense are enough? The first response ...
Read full story
-
Monday, September 15, 2008
IEEE PES - PSRC Insights
I had the opportunity this week to sit in on several IEEE PES working group meetings while attending the Power System Relaying Committee meeting here in Vancouver, Canada.
I attended sessions on the reliability of networked devices and network infrastructure in power substations, and on architectures for SCADA security. I have a couple of impressions based on what was discussed:
There is quite a bit of uncertainty in the industry around security issues. For some operators, not seeing a clear direction for security measures in order to meet NERC-CIP has led them to disable some communications channels rather than try ...
Read full story
-
Thursday, August 14, 2008
ACS Cyber Security Conference Wrap-up
Dr. Nate Kube and myself attended the Applied Control Solutions Conference last week in Chicago, and it was an interesting event to say the least. Joe Weiss, the organizer of this event, has always done well with a “central theme” in such events, and this year was no exception.
Initial Impressions:
The conference opened with a video presentation from US Congressman Langevin, and it is clear that the issue of SCADA and control systems security are an important issue to him and the US Government. See the video hereI was surprised at the number of IT folks there, from a ...
Read full story
-
Monday, August 04, 2008
Safety Demo at This Week’s ACS Conference in Chicago
If you are familiar with safety and SIL as defined in ISA-84 and IEC61508, then you are also aware that when a process engineers considers the “safety” of a given component, they are usually considering only the potential for random hardware faults in such a component, and the reliability or likelihood of the safety components to be able to maintain a safe state of the operating equipment. They do not address, explicitly, systematic faults related to software, security issues, etc., as these were generally considered to be too difficult to predict. It is a generally well known and accepted position ...
Read full story
-
Thursday, March 20, 2008
Wurldtech on the road; catch our latest presentations at upcoming events
In an effort to keep everyone informed on our latest speaking engagements, here is a list of upcoming conferences and topics. I encourage you to check out the conference links to learn more about the agendas and highlights, as there are a number of well recognized industry thought-leaders scheduled to appear at each event. Event: CanSecWest 2008 (http://www.cansecwest.com) Date: March 26 to March 28, 2008
Location: Marriott Renaissance Harbourside, Vancouver, BC
Topic: Fuzzing WTF: What Fuzzing Was, Is and Never Will Be
Presenter: Dr. Nate Kube, CTO, Wurldtech Security Technologies, Inc.
Presenter: Mikko Varpiola, Founder and Security & ...
Read full story
-
Sunday, February 17, 2008
Random Musings from a Proud CEO
This BLOG has been an excellent way to get our message out to the world and enabled some of the best minds in the industrial cyber security space to share their insights and experiences and further contribute to the collective knowledge-base the industry so desperately needs.
This medium also affords me the opportunity to connect directly with our clients, friends, investors and staff to share in what I feel has been one of the most amazing success stories of my career to date. With that in mind, I wish to share a small story.
Let me preface this with a ...
Read full story
-
Friday, February 01, 2008
Why Testing I/O Matters…
Industrial Users: If you aren’t testing the I/O, you aren’t testing the device!
We know that one of the unique benefits of Achilles testing is its ability to test the functions available on I/O. When a square wave is no longer a square wave, the devices connected to a process control asset can no longer be expected to perform as designed. It is a unique value proposition of this tool, but some may question whether or not it is necessary.
Discerning industrial users and suppliers already have robust testing methodologies in place that test functionality, but device resiliency from a ...
Read full story
-
Tuesday, December 18, 2007
Back To Basics: Testing Industrial Control Systems 101
Industry has thrown down the gauntlet to vendors and suppliers of security testing solutions: Testing the network stack or communications protocols is insufficient to ensure safe and reliable operations of industrial components. While plenty of testing tools exist out there today, vendors and asset owners are showing us that you can’t simply tell me that the network stack is up or down. We need to know what jeopardizes uptime and most importantly, safety. A testing methodology that does not reveal the Failure on Demand calculations and provide a reasonable model of failure modes, predictability of failures, and provide accurate feedback ...
Read full story