Archive | TAC Diary RSS feed for this section

No-Intel Monitoring Tip: Changes

While having a conversation with someone at ICSJWG last week about how to focus limited resources on detecting “bad things” with little or no early intel, an interesting idea developed. Beyond looking specifically at critical data and physical assets, would it be worthwhile to pay specific attention to areas of the target environment to which […]

Read More 0 Comments

Sneaky New Technique on the Social Engineering Front

Researchers from SecureWorks have published a blog post on an apparently new technique being used to leverage the implicit trust users have in certain URL shortening services to dramatically increase the chances that a phish will be successful. Now, URL shortener abuse is nothing new as it is very easy to hide the true landing page […]

Read More 0 Comments


Recently, the NESCO Tactical Analysis Center (TAC) entered into a Memorandum of Understanding (MOU) with the Industrial Control Systems Information Sharing and Analysis Center (ICS-ISAC). This represents our agreement to work together on information sharing initiatives related to control systems. Operational details will be worked out over the next few months, but we expect this relationship to […]

Read More 0 Comments

Keeping the Cybersecurity Boat Afloat

There is much wisdom to be found in classic TV shows. To continue from last week’s I Love Lucy cybersecurity analogy, let’s explore the parables of Gilligan’s Island. The plot line for this show involves a group of castaways stranded on a tropical island after their tour boat was shipwrecked in a storm. The crew and passengers left port […]

Read More 0 Comments

Hiding the Chocolate

In a classic episode of the television show I Love Lucy, Ethel and Lucy attempt work at a chocolate candy factory. One of their work assignments involves wrapping chocolates as they go by on a conveyor belt. They are warned that if even a single candy goes by unwrapped, they will be fired. Things start off easy […]

Read More 0 Comments

Open Source IOC Utilities

Of the many formats for expressing threat data, OpenIOC is garnering a lot of attention in the incident responder space. While the schema that describes the OpenIOC format is open-source, the tools used to process that data are often proprietary. At the 8th Annual EnergySec Summit, Jeff Bryner gave a presentation about a set of open source […]

Read More 0 Comments

Back To Basics

One of the themes that has been present in our direct communications with asset owners is that better adherence to basic security principles and practices will do more to raise the bar against attacks than purchasing the latest security widget de jour. The reason being is that most advanced adversaries employ sophistication in the recon and […]

Read More 0 Comments

Measuring Security – It’s Like Taking Your First Baby Steps

Industrial Control System (ICS) security is a tough business to be in. There are a lot of things you aren’t allowed to touch. You are consistently learning that you really don’t know anything about anything. And to make things worse…there are no standard security metrics being used in the industry to help you manage the […]

Read More 0 Comments

Securing the Power Grid One Spoonful at a Time

In a recent post on Linkedin, Larry Karisny wrote, “If we are to detect, audit and secure critical infrastructure we need to think small not big.” This quote is being taken out of context but it is a great start to a discussion about how to address cybersecurity in the electric sector. Considering the sheer […]

Read More 0 Comments

Incident: Telvent Breach

On September 26, a media report outlining the compromise of control system vendor Telvent (owned by Schneider Electric) was released.  Since then, we have received additional details and independent confirmation of the breach.  It appears that a known group of malicious actors broke into Telvent and stole control-system specific information from them.  Due to some of Telvent’s support […]

Read More 1 Comment