Blog

  • Monday, February 16, 2009

    The not so smart “Smart Grid” - Addendum

    There has been a lot of traffic in the blogsphere about Smart Grid security. In the real world, working groups are being formed, standards are being written, and there are many activities by the GridWise Architecture Council (http://www.gridwiseac.org/), NIST (http://www.nist.gov/smartgrid/) and a host of people that truly get it when it comes to security. I think all of this work is absolutely needed and there are a lot of very smart people working on those groups/standards and they are doing a great job. However… We are not just talking about the designed-in functionality of all these ...

    Read full story

    Author: Perry Pederson

  • Monday, February 09, 2009

    Chasing the 0Day Threat

    The topic of 0Day Threat or 0Day vulnerabilities certainly get a lot of press. And this is probably for good reason. The common notion is that the 0Day vulnerabilities are the ones that can cause the most harm because they are the ones you’re not prepared for. The industry has matured significantly from the days (and yes, I can actually remember those days) when hackers demonstrated their skill for bragging rights. These days, we’ve got sophisticated markets where vulnerabilities are bought and sold and I am sure it does not surprise anybody reading this that there is also a lucrative ...

    Read full story

    Author: Perry Pederson

  • Wednesday, February 04, 2009

    Common Vulnerabilities & Exposures (CVE) For The Rest Of Us

    As of today, the Common Vulnerabilities and Exposures (CVE) database, hosted by Mitre Corporation (http://cve.mitre.org/) for the Department of Homeland Security (DHS), contains 34,542 entries. That may not seem like a large number, but any one of those entries can translate to multiple instances in the field. While the contents of this database are very important in the IT world to help security practitioners ply their trade, build rule sets, etc., there is a glaring lack of information on industrial control systems (ICS). A search of the CVE database using “SCADA” or “DCS” or “PLC” as a search ...

    Read full story

    Author: Perry Pederson