
Eric Byres
@ICS_Secure
Followers
3K
Following
169
Media
42
Statuses
993
Inventor of the Tofino Security, leading expert in the field of ICS and SCADA security and ISA Fellow
Canada
Joined July 2009
Check out this post on responding quickly to open-source supply chain attacks, in this case, the #XZ hack. This backdoor was deliberately injected into the widely used secure shell service daemon #sshd by unknown attackers (IMHO a nation-state: see also .
wired.com
The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code.
We have a new blog post describing our response to the #vulnerability in the #XZ Utils library. We reassured our customers that they were at no risk from this threat (and spared them the costly task of wading through false positives to find it). #liblz.
0
0
2
RT @aDolus_Inc: Read @ICS_Secure's latest blog on Evolving Threats and Regulations in Software Supply Chain Security. Attacks are on the ri….
0
3
0
RT @allanfriedman: @aDolus_Inc @ICS_Secure I was in Brussels last week talking about this exact issue with Commission staff and ENISA exper….
0
1
0
Most SBOM initiatives have been coming out of the US, thanks to EO14028. Now, the EU is adding teeth to requirements for SBOMs with its Cyber Resilience Act. Check out my summary of the impact on the IoT/OT markets; let me know if you agree that it could have a massive impact.
The EU Cyber Resilience Act took a big step toward enactment this week. Read our blog to get @ICS_Secure's commentary on the implications this legislation has for software supply chain security. #SBOM #vulnerabilitymanagement.
1
0
1
RT @aDolus_Inc: The EU Cyber Resilience Act took a big step toward enactment this week. Read our blog to get @ICS_Secure's commentary on th….
blog.adolus.com
The EU Cyber Resilience Act (CRA) is one step from official adoption. Supply chain security, SBOMs and vulnerability management are priorities.
0
2
0
If you’ll be at the @SecurityWeek ICS Cybersecurity Conference in Atlanta, track me down. I'm happy to explain how the industry made huge strides using SBOMs to secure software supply chains. #ICSCC23.
Planning to be at the @SecurityWeek ICS Cybersecurity Conference in Atlanta this week? Don't miss hearing Eric Byres @ICS_Secure speak on Making a Molehill Out of a Mountain of #SBOMs. Learn how to convert SBOM data into actionable threat and risk intelligence. #ICSCC23
0
2
2
The 2023 #MDDR report shines a sharp light on the state of OT firmware updates. You can read more about the actual statistics and my thoughts on the reasons in my blog.
The 2023 Microsoft Digital Defense Report (#MDDR) features aDolus OT #vulnerabilities analysis. Together we uncovered alarming statistics about unpatched, highly vulnerable PLCs on OT networks. Read our blog: The Wretched State of OT Firmware Patching.
0
0
1
Effective hunting for #vulnerabilities in #OT requires navigating the namespace problem (i.e., most product and vendor names have multiple aliases), plus the ability to process text-based data such as massive PDFs from vendors. Our blog explains how we did it for the #MDDR.
The Microsoft Digital Defense Report (#MDDR 2023) dropped today and we provided key research and analysis for the section on OT #vulnerabilities. Read how we used machine learning to analyze manufacturer and industry disclosures to identify CVEs in PLCs.
0
1
2
RT @aDolus_Inc: The Microsoft Digital Defense Report (#MDDR 2023) dropped today and we provided key research and analysis for the section o….
blog.adolus.com
aDolus collaborated with Microsoft on vulnerability analysis and contributed to their Microsoft Digital Defense Report 2023 (MDDR 2023).
0
4
0
#OTCEP 2023 is starting. Minister Josephine Teo is presenting a great summary of the risk and opportunities for OT systems.
0
2
6
RT @ICS_SCADA: Passionate about ICS incident response panel @SCADAhacker @RobertMLee @CSAsingapore #otcep | …person on right is makin….
0
3
0
A very amusing story of how #ChatGPT led one of the @aDolus_Inc team down a giant rabbit hole of #misinformation. Highly recommended reading for anyone thinking of using #GenerativeAI.
We've got a new blog post: How To Be Confidently Wrong - An experiment testing how well ChatGPT summarized the National #Cybersecurity Strategy document. Let's just say it took some editorial liberties.
0
1
2
I'm delighted to have Kevin join us as CEO at aDolus. I've known Kevin for years - he is an insightful leader who really understands the security industry. With his proven track record of solving customer challenges and growing revenue, I look forward to a fruitful collaboration.
We have some exciting news! Kevin Senator @kevinS83029404 has joined aDolus as CEO. You can read our press release for more info on Kevin's background. Kevin takes over from Rod Campbell @CampbellRod who is becoming aDolus' chairman of the BOD.
1
2
2
I've been active in the #foodandbeverage industry since my BCIT lab days when Kraft Foods was a major research sponsor. It is great to see a major player in the space take #softwaresupplychainsecurity so seriously. See you at #S4x23 - I'll be in the #SBOM pavilion!.
We're excited to provide #SBOMs and software supply chain visibility to our new partner in the food and beverage #manufacturing industry.
0
1
1
Thomas Pace of @NetRiseInc presenting a great talk in the challenges of looking up OT vulnerabilities in public vulnerability databases at #icscc22. Definitely worth listening to!
0
2
5
Next slide from @Derek_Harp - Seems like companies are feeling the pain and are working on their supply chain programs.
0
0
0
#icscc22 @Derek_Harp, CEO of (CS)2AI talking on OT Security survey results. Companies responding report Compromised Vendor Updates accounted for nearly 1/4 of all OT security incidents, up from zero in 2020! The software supply chain is a growing risk issue for OT. @aDolus_Inc
1
4
5
RT @allanfriedman: Very exciting to see @Microsoft open source their internal SBOM generation tool. Would love to hear what you think of it….
0
86
0
#OTCEP - @ztudor - love your concept that #Pipedream "isn't just an attack framework, it is an education framework".
1
1
2