Category Archives: Industrial Automation

Bayes’ theorem in non-functional requirements analysis — an example

I am not a mathematician, but I do like Bayes’ theorem for non-functional requirements analysis — and I’d like to present an example of its application.1 I was actually going to give a theoretical example of availability requirements, but then … Continue reading

Posted in Anecdotes, DNP3, Industrial Automation, Quality, Smart Grid, Software Engineering | Tagged , , | Comments Off on Bayes’ theorem in non-functional requirements analysis — an example

ICS Security: Current and Future Focus

The flurry of DNP3-related vulnerabilities reported to ICS-CERT as part of Automatak’s project Robus seems to have subsided a bit, so it may be time to take a look at where we are regarding ICS security, and where we might … Continue reading

Posted in DNP3, Industrial Automation, Smart Grid | Tagged | 6 Comments

What the industry should do with the upcoming Aegis release

Automatak will be releasing the Aegis fuzzing tool publicly and for free for the first time in a few days. Like I said yesterday: Can hardly wait: "2 weeks until Aegis™ release" http://t.co/KrQkrbb9a9 — Ronald (@blytkerchan) March 1, 2014 to … Continue reading

Posted in DNP3, Industrial Automation, Smart Grid | Tagged , | Comments Off on What the industry should do with the upcoming Aegis release

ICS security and regulatory requirements

In North America, ICS security, as regards the electricity grid, is regulated by NERC, which provides and enforces, among other things, the Critical Infrastructure Protection (CIP) standards. In this post, I’ll provide a quick overview of those standards, provisions slightly … Continue reading

Posted in Industrial Automation, Software Engineering | Tagged , , , | Comments Off on ICS security and regulatory requirements

The Crain-Sistrunk vulnerabilities

In the two previous posts, I’ve shown that industrial control systems — ICSs — are becoming more pervasive, and that they rely on security through obscurity. Now, let’s make the link with current events.

Posted in Industrial Automation, Software Engineering | Tagged , , | Comments Off on The Crain-Sistrunk vulnerabilities

The importance of ICS security: ICS communications

For an ICS, having communications abilities generally means implementing some machine-to-machine communications protocol, such as DNP3 or Modbus. These protocols, which allow the device to report data to a “master” device and take their cue from those devices w.r.t. things … Continue reading

Posted in Industrial Automation, Software Engineering | Tagged , | Comments Off on The importance of ICS security: ICS communications

The importance of ICS security: pervasiveness of ICSs

Industrial Control Systems (ICSs) are becoming pervasive throughout all branches of industry and all parts of our infrastructure: they are a part of every part of the electricity grid, from the nuclear power station to your home; they’re found in … Continue reading

Posted in Industrial Automation, Software Engineering | Tagged | 1 Comment