Originally posted on the Claroty NexusConnect Blog.
The advancement of remote access technologies, machine learning, and artificial intelligence solutions is moving the industrial and automation industry toward cloud technologies faster and faster.
In February 2023 I was attending a conference for safety. I was introduced to many new people with roles that involved safe implementation of processes, equipment, and manual procedures that support the entertainment and safety of people all around the world. During one of my conversations, I was told that people purchasing services from large industrial control and automation vendors are not asking for people that have achieved the GIAC GICSP certification. They are specifically asking for people that have achieved the ISA/IEC 62443 Cybersecurity certifications. That was the moment I decided I was going to achieve the ISA/IEC 62443 Cybersecurity Expert certification before the end of 2023.
Initially, I ignored the YouTube video, Flipper Zero attacking Smart Power Meters. I watched it. I thought it was “interesting.” But I did not want to spend a lot of time on it. After all, it has been over ten years since my Black Hat / DEFCON 20 talk, Looking into the Eye of the Meter. I do not have the time, resources, or permission to do any more work on smart meters. So, I figured I would leave it to others to address the findings in this video and the person involved.
Blog Post Originally Published on Claroty Nexus Blog
Illicit remote access to industrial control systems and devices provides threat actors with access to process information, user and service account credentials, and the ability to remotely interact with attack surfaces. These attack vectors are the current security focus of most organizations in critical infrastructure and production, distribution, and service industrial sectors.
Originally posted on the Cutaway Security LinkedIn on March 22, 2023.
Let’s consider some practical steps for an ICS/OT Cybersecurity Self Analysis. Today, let’s cover physical security at your substation, pumping station, or compressor station. We feel this checklist is a good start. Do you have items to add? Let us know in the comments on LinkedIn.
Originally posted on the Claroty Nexus Community as “Managing Cyber Risk in Industrial, Automated Environments” on February 23, 2023.
Environments with industrial or automation control systems are built to ensure process availability and resilience. Availability is defined as “the quality of being able to be used or obtained” and resilience as “the capacity to recover quickly from difficulties; toughness.” These definitions do not necessarily take into consideration the rampant connectivity happening today within automation environments.