Dale Peterson

Joe shares his thoughts on the qualifications of control system security vendors


The following is an ad from Digital Bond's website. It is the second time they have advertised for control system expertise AFTER obtaining a DHS or DOE contract.

"Digital Bond is still hiring security researchers to help with Bandolier, Portaledge and Quickdraw. We have one need that is proving difficult to find: a controller wizard.

"Various aspects of the projects require us to have multiple PLC’s, RTU’s and IED’s from different vendors in our lab. We have Rockwell Automation, ...

From 'Unfettered Blog'

Bandolier: Gold Standard, or Only Half Way There?


Bandolier: Is half way there good enough?

I want to specifically respond to Ralph Langner’s comments from my blog post on Severity Levels.

Ralph posted, “While I agree in general that severity cannot be established without context, experience tells me that such context can hardly be established by any kind of automated software tool. Even worse, many asset owners don't have any realistic idea, not to say methodology, of calculating the cost of potential cyber incidents. Wit...

From 'Unfettered Blog'

Giving the Black Hats the keys to the store…


Training the Bad Guys

Dale Peterson’s April 22nd blog had the following: “Jason Larsen’s presentation on SCADA and Control System hacking from Blackhat Federal 08 is now available.”

There has been a prevailing view that control systems are secure because they are so arcane and obscure. However, the area of “SCADA Security” is making its way into the mainstream community, and worse, the hacking community.

As long as four years ago, presentations were being made at “Black Hat” (hacker) conferen...

From 'Unfettered Blog'

How can your database be in two places at once when it ain’t anywhere at all?


Dueling Databases

In Friday’s edition of Digital Bond’s blog, databases are mentioned.

“Dueling Incident Databases. Joe Weiss has his personal incident database. Wurldtech recently announced their new Delphi vulnerability database. Now Automation World reports that Eric Byres will be resurrecting the BCIT Industrial Security Incident Database thanks to some new funding source.”

...

From 'Unfettered Blog'

What, exactly, does the CIA know?


Dale Peterson’s website has a very interesting and provocative discussion about the CIA disclosure at SANS last week. This is the second time SANS has made an unverifiable disclosure on control system cyber extortion. SANS needs to provide more detailed information not only to validate its authenticity but to provide enough information for i...

From 'Unfettered Blog'