Security testing for ICS Owners – Back to Basics …

Why “Back to basics” regarding security testing? Well... during several previous security assessments that I have performed, I have run into a lot of the issues mentioned within the presentation I have given on this years CS3STHLM conference in Stockholm. Sometimes I also have the feeling that too much attention is given to technical and… Continue reading Security testing for ICS Owners – Back to Basics …

Importance of data integrity for safety in industrial environments

It is well known that the most important factor within the process industry is the availability of the systems and environment. The plant must be running at all times. That’s why most security improvement efforts are made in that area. However, the integrity of the information and data within the industrial control systems environment can’t… Continue reading Importance of data integrity for safety in industrial environments

Secure remote management for ICS

When performing security assessments for ICS (industrial control system) customers, it is often noticed that several different remote access paths for suppliers are used for remote management purposes. Most of these are established through a separate DSL line. Makes sense, right? A solution like this makes it easier for the vendor to provide remote maintenance.… Continue reading Secure remote management for ICS

Building a (modest) ICS testing & training lab

Part of training people into becoming ICS security specialists is providing them the opportunity to test or train certain things in a ‘safe’ environment. Which means you’ll need a (modest) ICS testing & training lab. There are some great labs out there (Idaho National Labs for example), that offer every test set-up you can think… Continue reading Building a (modest) ICS testing & training lab