DeviceLine Radio: Joe Weiss On Industrial Control System Security

By Robert Vamosi | 4/25/13 10:00 PM

My guest today is Joe Weiss, managing partner at Applied Control Solutions. He is perhaps best known for his work on securing electrical utilities and for his testimony on Capitol Hill about the danger of not addressing the vulnerabilities facing that industry today. But Joe points out that Industrial Control Systems are everywhere—in our cars, even in our bodies. So the safeguards introduced in one area should apply to all areas. I started the conversation by asking why, in the two years since Dillon Beresford and Luigi Auriemma first poked holes in SCADA systems, we haven't seen more progress on securing those systems.

You can hear the full conversation, along with a recap of this week’s news here.

Or subscribe to DeviceLine Radio on iTunes.

Or read the transcript below.

More Digital TV Vulnerabilities Disclosed

By Robert Vamosi | 4/23/12 4:05 AM

Another researcher has disclosed vulnerabilities in a digital TV, this time a buffer overflow that can be remotely controlled via iPad, Android and other software/devices.

Rockwell To Patch SCADA Flaw Soon

By Robert Vamosi | 9/23/11 5:36 AM

Within the next seven days, Rockwell Automation will release a patch for a supervisory control and data acquisition (SCADA) vulnerability first made public last Friday.

SCADA Vulnerabilities Continue

By Robert Vamosi | 9/20/11 5:58 AM

Security researcher Luigi Auriemma has unearthed a few more SCADA vulnerabilities, most of which affect human–machine interface (HMI) systems. As a result, US-CERT has published alerts much like this one for all of Auriemma's new vulnerabilities. This is becoming a standard drill for the ICS industry.

In March 2011, Auriemma published thirty-some vulnerabilities after claiming he had no prior experience with SCADA systems. In June, Siemens patched vulnerabilities posted by Dillon Beresford.

Black Hat USA To Show SCADA Flaw

By Robert Vamosi | 6/8/11 3:03 AM

The researcher who found a PLC vulnerability in Siemens' Step7 will present his findings at the annual Black Hat USA, to be held August 2-3 in Las Vegas, Nevada.

In May, NSS security researcher Dillon Beresford pulled his talk from TakeDownCon in Dallas after requests from the vendor and the Department of Homeland Security. But after a few days of Siemens downplaying the severity of the attack, Beresford lashed out at the vendor's statement that the attack could only be carried out using special equipment.