Industrial Control Systems

Security Practices for IEC 61131-3 PLC Programming Languages Part 5: ST

Security Practices for IEC 61131-3 PLC Programming Languages Part 5: ST 1024 576 IsiahJones
By Isiah Jones VP, Global ICS Security Service Delivery & Brian Foster Sr ICS Cybersecurity Engineer Within the industrial control systems (ICS), automation, operational technology (OT), cyber-physical systems (CPS), industrial internet of things (IIoT) and instrumentation communities many of the devices with some form of computing and logical capabilities rely on 5 primary programming languages [...]read more

Security Practices for IEC 61131-3 PLC Programming Languages Part 4: IL

Security Practices for IEC 61131-3 PLC Programming Languages Part 4: IL 752 435 BrianFoster
By Isiah Jones & Brian Foster Within the industrial control systems (ICS), automation, operational technology (OT), cyber-physical systems (CPS), industrial internet of things (IIoT) and instrumentation communities many of the devices with some form of computing and logical capabilities rely on 5 primary programming languages specific to programmable logic controllers (PLCs) that are defined in [...]read more

And The ICS Cybersecurity Debate Continues On…

And The ICS Cybersecurity Debate Continues On… 1791 1007 ClintBodungen
Recently I ran across a post on Linkedin in response to DHS statements and media reports pertaining to Russian hacking against the U.S. power grid. A central theme of the post cautions readers to guard against “deliberate or recklessly misleading” and “exaggerated” statements. One of the post’s claims generated significant concern, “I see no possibility [...]read more

Security Practices for IEC 61131-3 PLC Programming Languages Part 3: FBD

Security Practices for IEC 61131-3 PLC Programming Languages Part 3: FBD 721 298 IsiahJones
By Isiah Jones VP, Global ICS Security Service Delivery & Brian Foster Sr ICS Cybersecurity Engineer Within the industrial control systems (ICS), automation, operational technology (OT), cyber-physical systems (CPS), industrial internet of things (IIoT) and instrumentation communities many of the devices with some form of computing and logical capabilities rely on 5 primary programming languages [...]read more

Security Practices for IEC 61131-3 PLC Programming Languages Part 2: Ladder Logic

Security Practices for IEC 61131-3 PLC Programming Languages Part 2: Ladder Logic 900 550 BrianFoster
By Isiah Jones & Brian Foster Within the industrial control systems (ICS), automation, operational technology (OT), cyber-physical systems (CPS), industrial internet of things (IIoT) and instrumentation communities many of the devices with some form of computing and logical capabilities rely on 5 primary programming languages specific to programmable logic controllers (PLCs) that are defined in [...]read more

Security Practices for IEC 61131-3 PLC Programming Languages Part 1: SFC

Security Practices for IEC 61131-3 PLC Programming Languages Part 1: SFC 808 324 IsiahJones
By Isiah Jones, Director & Principal ICS Cyber Security Engineering & Brian Foster, Senior ICS Cyber Security Engineer Within the industrial control systems (ICS), automation, operational technology (OT), cyber-physical systems (CPS), industrial internet of things (IIoT) and instrumentation communities many of the devices with some form of computing and logical capabilities rely on 5 primary [...]read more

Top 10 Universal Best Practices for Critical Infrastructure Security & Resilience

Top 10 Universal Best Practices for Critical Infrastructure Security & Resilience 1280 853 IsiahJones
By Isiah Jones, Director & Principal – ICS Cyber Security Engineering While attending the EnergySec Electric Distribution Security Forum March 22 – 23, 2018 in Washington, DC, the topic of best practices came up between trade organizations and state utility commission speakers and attendees. I informed them that in security “best practices” are already defined [...]read more

Radical Idea in ICS Cybersecurity?

Radical Idea in ICS Cybersecurity? 971 538 RobBeason
Idaho National Laboratory recently published an article, Internet Insecurity, by Andy Bochman. Many of the ideas in this article are shared by other thought leaders in the industry. The main theme from the article is that due to the inherent flawed design of the Internet, there will be a resulting lack of assurance for industrial control [...]read more

Securing Automobile Control Systems Part 1

Securing Automobile Control Systems Part 1 2051 1440 KevinLackey
By Kevin Lackey, OT, ICS & SCADA Cyber Security Principal Driving (pun intended) towards a Minimum Security Standard for automotive control systems is more important than ever, as these systems are quickly becoming fully independent from human control. Within 20 years of the advent of computer regulated electronic fuel injection, first mass produced and available to [...]read more

NIST Releases Cybersecurity Framework 1.1

NIST Releases Cybersecurity Framework 1.1 2160 1440 HeathRenfrow
By Heath C Renfrow, CISSP, C|CISO, C|EH, C|NDA The National Institute of Standards and Technology (NIST) announced on April 16, 2018 the release of the Cyber Security Framework (CSF) 1.1, intended to improve Critical Infrastructure Cybersecurity. The focus of this framework when first developed in 2014 was geared towards industries vital to economic and national security, [...]read more

Learning Through Gaming, Red vs. Blue

Learning Through Gaming, Red vs. Blue 1179 666 RobBeason
By: Rob Beason, CISSP, GSLC, Security+ At the Houston Security Conference, 2018; fellow LEOs Clint Bodungen and Kevin Lackey put on a red versus blue team training for attendees. The course was a one-day workshop intended to educate ICS practitioners, network defenders and the security conscious on the topics of basic attack methodologies and the [...]read more

ICS Security Manager as a Service – Part 4

ICS Security Manager as a Service – Part 4 IsiahJones
By Isiah Jones, MPS, CISSP, GICSP, C|CISO, Director, ICS Cyber Security Engineering The fourth and final post in our series explores who can benefit from the ICS Security Manager as a Service concept. To revisit the earlier posts, please see Part 1, Part 2, and Part 3. So, who would even benefit from this ICS Security [...]read more