This article was first published at Digital Pulse on 19 January 2016.
In 2009, a virus was unleashed on the computer systems of the Natanz nuclear facility in Iran. Described as ‘the most menacing malware in history’, Stuxnet was designed to sabotage the nation’s uranium enrichment programme. The attack, which lasted for over a year before detection and was reportedly a joint project by US and Israeli forces, managed to destroy almost a fifth of the facility’s centrifuges by causing them to spin out of control.
Many people in the cyber security industry have known since the Stuxnet attack that operational technology (OT) — the computer systems that control everything from power stations to traffic light networks and other critical national infrastructure — can become the target of malicious hackers. However, utilities and other infrastructure firms have not traditionally diverted as many resources to securing those technologies as they have to securing the information on their corporate systems. …
Operational Technology (OT) systems are used to control a wide range of industrial processes and critical infrastructure, particularly in industries such as energy, mining, utilities, manufacturing and transport.
A cyber-attack on an OT environment has the potential for serious and wide ranging consequences beyond just financial losses — including prolonged outages of critical services, environmental damage and even the loss of human life.
Based on insights from PwC’s global assessment programs of client OT systems, we’ve compiled a briefing on the Top 10 most common vulnerabilities we’ve observed in deployed OT systems, many of which are basic security hygiene issues.
Well I know I am not the best at blogging these days, but with the move to Australia to run the Threat & Vulnerability Management team for PwC in Melbourne and the complete rebuild of upSploit you can imagine that this blog has not been the top of my priority. I wanted to write a review on a course that I took last November with SANS in Sydney. I was offered a training budget and after a lot of research I chose SANS SEC660 Bootcamp that teaches Advanced Penetration Testing, Exploit Writing, and Ethical Hacking. Now I thought with all my years testing I was on the upper end of the testers knowledge. If you are sitting there knowing how to exploit the usual MS08–067, Tomcat, Jboss etc better than you know how to groom yourself this is the course for you. The course was written by Steve Sims which I was fortunate enough to be taught by. This guy is scarily smart. He flies through really complex exploit research and development concepts like he is teaching basic networking. …