Too Many Changes, Too Much Noise

Most industrial companies with whom I speak are aware of the amount of control system changes that occur on a daily basis, but lack the proper automation to monitor and manage those changes. This means that significant changes can go uninvestigated, which increases unplanned-outage, safety, and other risks. Major regulations and standards, including NERC-CIP, IEC 62443, NEI 08-09, and NIST 800-53, to name a few,...

When White Hats Go Grey

The way it’s supposed to work, white hat security researchers find vulnerabilities and report them to the offending company, giving that company time to provide a patch before the vulnerabilities are published. It is what “good guys” do. Cybersecurity company Medsec took a different path. After discovering vulnerabilities in St. Jude Medical’s pacemakers and defibrillators, they approached...

Are We Four Lines of Python Away from Cybersecurity Trouble?

A USA Today reporter recently interviewed the guys who hacked the Jeep Cherokee last year. One of the white hats said something that was particularly distressing. He said that he wrote “four lines of python and owned [had access to] 1.4 million cars.” What gets me is not that he did it (he revealed their hack to Fiat/Chrysler before publishing), but that a hunk of metal traveling down the road at 60 or...