Why “Back to basics” regarding security testing? Well... during several previous security assessments that I have performed, I have run into a lot of the issues mentioned within the presentation I have given on this years CS3STHLM conference in Stockholm. Sometimes I also have the feeling that too much attention is given to technical and… Continue reading Security testing for ICS Owners – Back to Basics …
Tag: SCADA
Operator Jail breakout
In 2018, I gave a presentation at the CS3STHLM conference together with Frank Lycops on Operator Jail breakouts. Operator Jails are meant to prevent process operators from having access to the underlying operating system (OS), so all access to the OS not required for the daily task is shielded from them ... or at least… Continue reading Operator Jail breakout
Importance of data integrity for safety in industrial environments
It is well known that the most important factor within the process industry is the availability of the systems and environment. The plant must be running at all times. That’s why most security improvement efforts are made in that area. However, the integrity of the information and data within the industrial control systems environment can’t… Continue reading Importance of data integrity for safety in industrial environments
Secure remote management for ICS
When performing security assessments for ICS (industrial control system) customers, it is often noticed that several different remote access paths for suppliers are used for remote management purposes. Most of these are established through a separate DSL line. Makes sense, right? A solution like this makes it easier for the vendor to provide remote maintenance.… Continue reading Secure remote management for ICS
Building a (modest) ICS testing & training lab
Part of training people into becoming ICS security specialists is providing them the opportunity to test or train certain things in a ‘safe’ environment. Which means you’ll need a (modest) ICS testing & training lab. There are some great labs out there (Idaho National Labs for example), that offer every test set-up you can think… Continue reading Building a (modest) ICS testing & training lab