Sign in to follow this  
Followers 0
Info Sec

In need of subject matter expertise

1 post in this topic

Hello all, First off, I am unsure if this is the correct place to post this, so please excuse my unfamiliarity in advance. I represent an information security company that is working with several federal agencies (USA and abroad) to help understand and craft standards to address potential security threats affecting industrial control facilities. Our group is well versed in discovering vulnerabilities in software, but has little experience with the type of hardware industrial control facilities may run. We have had success finding security issues in software from various vendors (such as IWS, CoDeSys, IGSS), but it is difficult for us to understand the true risk when we are not familiar with the context in which such software may be deployed. While researching how to best expand our efforts, we ran across some vulnerability reports affecting various PLC devices: http://www.digitalbond.com/tools/basecamp/wago-ipc-758870/ http://www.digitalbond.com/tools/basecamp/general-electric-d20meii/ http://www.digitalbond.com/tools/basecamp/schneider-modicon-quantum/ http://www.digitalbond.com/tools/basecamp/rockwell-automation-controllogix/ We believe that we could find many more such issues and work with the affected vendors to get them fixed. To that end I am posting here to ask for your advice. If anyone might be interested in helping us enumerate which PLCs we should focus on, how we might acquire hardware for testing, and generally provide advice please let me know and we can discuss what a consulting opportunity may look like. Thank you for your time.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0