Category Archives: DNP3

Progress in DNP3 security

In July last year, I discussed why Adam Crain and Chris Sistrunk fuzzed DNP3 stacks in devices from various vendors, finding many issues along the way (see project Robus). This time, I’ll provide a bit of an overview of what … Continue reading

Posted in DNP3, Smart Grid | Tagged | Comments Off on Progress in DNP3 security

Bayes’ theorem in non-functional requirements analysis — an example

I am not a mathematician, but I do like Bayes’ theorem for non-functional requirements analysis — and I’d like to present an example of its application.1 I was actually going to give a theoretical example of availability requirements, but then … Continue reading

Posted in Anecdotes, DNP3, Industrial Automation, Quality, Smart Grid, Software Engineering | Tagged , , | Comments Off on Bayes’ theorem in non-functional requirements analysis — an example

ICS Security: Current and Future Focus

The flurry of DNP3-related vulnerabilities reported to ICS-CERT as part of Automatak’s project Robus seems to have subsided a bit, so it may be time to take a look at where we are regarding ICS security, and where we might … Continue reading

Posted in DNP3, Industrial Automation, Smart Grid | Tagged | 6 Comments

What the industry should do with the upcoming Aegis release

Automatak will be releasing the Aegis fuzzing tool publicly and for free for the first time in a few days. Like I said yesterday: Can hardly wait: "2 weeks until Aegis™ release" http://t.co/KrQkrbb9a9 — Ronald (@blytkerchan) March 1, 2014 to … Continue reading

Posted in DNP3, Industrial Automation, Smart Grid | Tagged , | Comments Off on What the industry should do with the upcoming Aegis release