Every ICS environment will sooner or later have to deal with updates, upgrades or additions to the control system environment. Nowadays it is important to include security within such projects, although that is still sometimes forgotten (sad but true). one of the ways to include security is to perform vendor validation and set security requirements… Continue reading using IEC62443-2-4 to reach a more secure ICS – Vendor validation
Category: SCADA
Remote access for ICS – additional views
Through the past few months, more and more ways of providing remote access surfaced within organizations as people were forced to work from home because of the Covid-19 pandemic. This was also the case for remote access to organization critical environments such as industrial control systems in various sectors. By now and because of the… Continue reading Remote access for ICS – additional views
Security testing for ICS Owners – Back to Basics …
Why “Back to basics” regarding security testing? Well... during several previous security assessments that I have performed, I have run into a lot of the issues mentioned within the presentation I have given on this years CS3STHLM conference in Stockholm. Sometimes I also have the feeling that too much attention is given to technical and… Continue reading Security testing for ICS Owners – Back to Basics …
Operator Jail breakout
In 2018, I gave a presentation at the CS3STHLM conference together with Frank Lycops on Operator Jail breakouts. Operator Jails are meant to prevent process operators from having access to the underlying operating system (OS), so all access to the OS not required for the daily task is shielded from them ... or at least… Continue reading Operator Jail breakout