HOME  |  NEWS  |  BLOGS  |  MESSAGES  |  FEATURES  |  VIDEOS  |  WEBINARS  |  INDUSTRIES  |  FOCUS ON FUNDAMENTALS
  |  REGISTER  |  LOGIN  |  HELP
Comments
You must login to participate in this chat. Please login.

Thanks, Clint!  I'm glad I made it back to view the archive.  Rich, thank you as well.  See you all Thursday.

Iron

Huntwork's Answer:  Actually, the exposure I've had to SCADA systems demonstrated well-segmented networks.  Compatibility with the security actually required a significant design effort.

Iron

I like Spam.  I don't eat it cold, but pan-fried on toast with a little bit of yellow mustard--that's pretty good.  It's a bit salty, though.  A glass of milk goes well with it.

Iron

Huntwork's Answer:  Yes, our organization provides security training.  I prefer not to comment about specific capabilities.

Iron

Huntwork's Answer:  I do not often write software.  I sometimes write shell scripts.  I act as a hardware or systems engineer most of the time.

Iron

No experience with not proper firewall

No specific or special training

HW engineering, some code design / test -C, Cpp

Good presentation.  Thanks!  See you tomorrow!

Iron

Thanks again, see you guys tomorrow.

Iron

Thank you. See you tomorrow

Iron

Thanks for being here!

Iron

So you had an incident due to an internal threat source accidentally exploiting a network configuration vulnerability

Blogger

and also improper segmentation vulnerability

Blogger

@yolk55 - There is your accidental internal threat source

Blogger

That was from: Source: http://www.dhs.gov/xlibrary/assets/vdwgreport.pdf

 

It's an older framework... the second version didn't come out until 2012 I believe, but it's not nearly as descriptive so I reference both versions.

Blogger

Aprox 5 years ago BCHydro techs were upgrading the Scada system at Williston substation, and did not block trip switches, this caused all 500 kv breakers in the substation to open, close and open again, a major system disturbance resulted.

Iron

Correction to slide 3, last sentence: 

Although the presence of a programming flaw is not required, the accidental introduction of defects into software is expected to comprise a significant portion of the vulnerabilities addressed by this framework. 

Blogger

?Will you please type the correction to slide 3, I didn't get it.  Thanks.

Iron

Thanks very much again Clint & Rich!

 

Iron

Thanks everyone. Questions?

Blogger

Thanks again!  Very useful introduction for those of us who haven't worked in IT security

Thanks Clint, Rich, Design News and Digi-key.
See you tomorrow

Thanks Rich and Digi-Key. Oh, and Clint, too.

Iron

than you good presentaion

Iron

Thank you (but I don't sleep as well as I use too)

Iron

Thanks Clint, Rich, Steph, & Digi-Key

Iron

Great learned alot, looking forward to tomorrow.  Thanks Clint, Rich and Digikey

Iron

Thanks all! Very nice presentation.

Iron

Thank you Clint, Rich, Design News and Digi-key

Iron

Thank you Clint, Rich, and Digi-Key.

Gold

Great presentation, be here tomorrow, thanks a lot.

Iron

Yes you do, have been trying to eliminate network access on workstations for a while

Iron

 

You have to click on the slide in presentation mode to start the animation

Iron

Switched to PM, nice F-X.

Iron

Cool animation on SLide 15 if you're in presentation mode

Blogger

have seen Corp IT shut down firewall some time ago

Iron

Have seen when Corp IT shut down firewall for a few days, why ? 

Iron

 

answer to fourth question: I don't look at the network. I assume it isn't done properly

Iron

Lack of network segmentation at work?  Probably.

Iron

Have extensive VLAN segmentation/Firewall groups to manage security.

Iron

Have you seen a lack of network segmentation at your job?

Blogger

I almost forgot, my Dell laptop came with TREND (PC-CILIN?), which may be an IDS, where I get a report of the WI-FI network at my library.

Iron

Time vanishes like my paycheck!

Iron

Slide 11 (where does the time go?)

Blogger

I do have security on my home network.

Iron

This IS my security training, but I haven't programmed network accessable systems yet.

Iron

 

answer to question three: I have had no formal security training. My process is to keep a small whitelist with expiration dates

Iron

Have not at work, but do have monitoring on home system

Iron

symantec internet security

I do not use any IDS at home.

Iron

No training within organization, don't know about intrusion detection in place

Iron

training - somewhat  IDS - just starting

Iron

No formal training, but use at home

Iron

Nothing pass awareness trainng at work.  Home network is another matter.

 

Iron

Some security training; extensive network monitoring at work. Limited monitoring at home.

Iron

My experience is limited on external access, mostly I work on process or control loop code.

Iron

I have not checked ICS-CERT.

Iron

 

Answer to second question: I usually only look to outside services when I can't resolve the problem on my own. I view it more like just another bug.

Iron

Have not followed vulnerabilities

Gold

Stable audio with Firefox.

Iron

Haven't heard of those sites until now

Try Chrome. Chrome is much stable than MS IE

Iron

Hello from Cedar Rapids Iowa

Iron

Guess I'll wait for the archive version audio is very choppy. Must be your server is overloaded.

Iron

Have coded for years. Nothing at present.

Iron

I'm just a student studying MCUs in my college's Elect Tech program, which requires writing some firmware.

Iron

Rely heavily on libraries - so security is a concern.

Iron

I write code - electronic systems

Iron

In my current position, very little coding

Iron

Software engineer in embedded systems mostly. Not so much process control but I do have some examples of web servers on the devices. Ergo some interest in internet security

 

Iron

 

Answer to first question: I write code

Iron

Electrical primarily only play with software as needed

Iron

Do you actually write code for your job?

Blogger

Yeah, process control products bit-twiddler.

Is anyone else experiencing audio problems?

Iron

audio not working well

 

Iron

Hi from Sunny Boston! (also better traffic day today)

Iron

good afternoon, everyone

Iron

Hello from cold Buffalo, NY!

Iron

Hi all -Audio is live! If you don't see the audio bar at the top of the screen, please refresh your browser. It may take a couple tries. When you see the audio bar, hit the play button. If you experience audio interruptions and are using IE, try using FF or Chrome as your browser. Many people experience issues with IE. Also, make sure your flash player is updated with the current version. Some companies block live audio streams, so if that is the case for your company, the class will be archived on this page immediately following the class and you can listen then. People don't experience any issues with the audio for the archived version.

 

hello from Mishawaka

Iron

Same here in Michigan

 

Iron

Hello from Oxford Ohio. Thanks for the gift card!

Iron

Greetings from Vermont

Iron

Good afternoon from Rochester, NY.

 

Iron

Wow! Third day already! How exciting!

 

Iron

Goodnight from Valladolid, Spain in Europe

Iron

Hello from Hudsons Hope BC, and thanks for the gift card

Iron

Greetings once again everyone! Ready to talk SCADA vulnerabilities?

Blogger

Thanks for the gift card

have a happy hump day

Iron

@tpyn: thanks for the suggestion. Duly noted.

Blogger

Good morning from Albuquerque.

Iron

-The streaming audio player will appear on this web page when the show starts at 2 PM Eastern time today. Note however that some companies block live audio streams. If when the show starts you don't hear any audio, try refreshing your browser. If that doesn't work, try using Firefox or Google Chrome as your browser. Some users experience audio interruptions with IE. If that doesn't work, the class will be archived immediately following our live taping.

Blogger

 

Every now and then the presenters of these sessions ask for subjects to cover. I would like to suggest that the potential opportunities that will be generated through the Jumpstart Our Business Startups(JOBS) Act be organized and included in the notes section of the slides if not in the presentations.

Iron

Looks like we've got a good crowd already. The sun is out here in NJ, so the snow is starting to melt.

That said, download the PPT from the link above. That's the only way for you to see the presentation.

Blogger

Hello all 70 degF in Simi Valley today

 

Iron

Hello all.  Sunny & 24 degF in Minneapolis today.

Iron

Hello from Montana. I read the new article in Design News today about Malware That's Transmitted through Sound.

http://www.designnews.com/author.asp?section_id=1386&doc_id=270551&itc=dn_analysis_element&

Gold

hi! ready for another

Iron

Morning from Portland Oregon

Iron

Thank you very much for the gift card! Merry Christmas to all in the 

Continuing Education Center and everyone at Digikey!

Iron

Hello.  I have the slides, but I will not be able to attend class today.  I will catch up using the archive.

Iron


Partner Zone
Latest Analysis
Take a look through these film and TV robots from 1990 through 1994.
The Soofa is an urban smart bench that provides mobile device charging as well as collects environmental information via wireless sensors.
Sciaky, provider of electron-beam additive manufacturing (EBAM) services, will start selling these machines commercially in September. The company has used its EBAM 3D printing technology for making very large, high-value, metal prototypes and production parts for aerospace and defense OEMs.
At this year’s Google I/O, the spotlight was pointed on gender inequality in the high-tech industry. Google has established a new initiative that it hopes will even out the playing field, Made w/Code. Part of this initiative will fund free online courses in basic coding.
Self-driving vehicle technology could grow rapidly over the next two decades, with nearly 95 million “autonomous-capable” cars being sold annually around the world by 2035, a new study predicts.
More:Blogs|News
Design News Webinar Series
7/23/2014 11:00 a.m. California / 2:00 p.m. New York
7/17/2014 11:00 a.m. California / 2:00 p.m. New York
6/25/2014 11:00 a.m. California / 2:00 p.m. New York
5/13/2014 10:00 a.m. California / 1:00 p.m. New York / 6:00 p.m. London
Quick Poll
The Continuing Education Center offers engineers an entirely new way to get the education they need to formulate next-generation solutions.
Aug 4 - 8, Introduction to Linux Device Drivers
SEMESTERS: 1  |  2  |  3  |  4  |  5  |  6


Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies. You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived. So if you can't attend live, attend at your convenience.
Next Class: August 12 - 14
Sponsored by igus
Learn More   |   Login   |   Archived Classes
Twitter Feed
Design News Twitter Feed
Like Us on Facebook

Sponsored Content

Technology Marketplace

Copyright © 2014 UBM Canon, A UBM company, All rights reserved. Privacy Policy | Terms of Service