eric byres

This Blog Has Migrated to Industrial Security at Belden.com

With the last post from Eric and Joann Byres below, this blog is now closed.  However, Belden continues to publish ICS security articles at the Industrial Security blog on Belden.com

Farewell from Tofino Security Founders Eric and Joann Byres

This blog is the last one from me as a member of the company that manufactures and sells Tofino Security products. Joann Byres (Tofino co-founder and Belden Vice President) and I are retiring from the Tofino Security group at Belden effective January 30, 2015.

ISA Recognizes Eric Byres for Leadership in SCADA Security

Today I am glad to be writing about a good news story. That story is that Belden's Eric Byres is being awarded the ISA (International Society of Automation) Excellence in Leadership award for his contributions to the automation industry in the area of industrial security.

This award must be particularly exciting for Eric because it is ISA's most prestigious award and is awarded by his peers, that is, members of ISA.

ISA President Terrence G. Ives remarked:

Byres Security Acquired by Belden: Message from the Founders

Today is a big news day for Byres Security Inc. (BSI), as we are announcing that our company has been acquired by Belden Inc.

We (Joann Byres and Eric Byres) are writing this article to let you know what the future has in store for us, and for our company.

What will stay the same?

Byres Security Inc. will run as an independent business unit under Belden, and the Tofino Security brand will remain the same.

BSI will continue:

Stuxnet Mitigation Matrix Updated

Stuxnet Mitigation Matrix Updated
 
This is a short note to let you know that we have updated our Stuxnet Mitigation Matrix to version 1.1, based on feedback from our readers.
 
The new version addresses the need to test and/or confirm all mitigations, including firewalling the Remote Procedure Call (RPC) protocol.

Stuxnet Mitigation Matrix

Our goal with this blog is to provide you with practical information to help you avoid network incidents that disrupt operations.

With this in mind, today we are releasing a Stuxnet Mitigation Matrix that presents easy-to-follow actions to take against Stuxnet.

PDF Stuxnet Mitigation Matrix by Tofino Security is a printable version of the mitigation matrix that includes dynamic links to detailed information on each of the patches and mitigations.

No Silver Bullet for Stuxnet / Siemens WinCC Malware - White Paper

Last week, Rick Kaun in his blog “[In]security Culture”, blasted the “security vendors” who were claiming that if the ICS/SCADA world used their offering, we would have avoided the whole Stuxnet mess. As Rick very correctly points out, this is complete rubbish - there is no silver bullet for security in general, but in the Stuxnet case it is dangerously inaccurate.

The Stuxnet Mystery Continues

I have just come back from three very interesting presentations by Symantec, Microsoft and Kaspersky Labs at the Virus Bulletin 2010 conference. For two hours they discussed their latest findings on Stuxnet, the PLC/SCADA-targeting worm of the decade.

The Amazing Mr. Stuxnet

Week after week, the Stuxnet worm continues to amuse and astound all of us that have studied it. Last week it was Ralph Langner’s detailed analysis that showed Stuxnet wasn’t just infecting Windows boxes and stealing data, it was specifically designed to modify PLC logic so it could destroy a physical process. Next it is the amazing number of Windows zero-day vulnerabilities* it exploits to do its dirty work.

Stuxnet - I was wrong

Back in July when Stuxnet first became public, I wrote in our Siemens PCS7 WinCC Malware White Paper and told anyone that would listen that Stuxnet was targeted at stealing intellectual property from process systems. The code we analyzed showed Stuxnet performing SQL database accesses and process information uploading to servers in Denmark and Malaysia, so this seemed like a sure answer.

Why Stuxnet Affects All Windows Systems

If you have been reading the various advisories on the Stuxnet malware, you would be forgiven for thinking that only computers running relatively new versions of the Windows systems are vulnerable to this worm. For example, the Siemens Stuxnet advisory states; “The virus affects operating systems from XP and higher.” Does that mean if I am running Windows 2000 servers I am immune?

Unfortunately, the answer is NO! Based on our testing, all versions of Windows are vulnerable to Stuxnet, regardless of age.

Why Another Security Blog? Stuxnet Shows Why.

Over the past half decade I have avoided creating blog on cyber security.  After all, there certainly are plenty of blogs out there, and some provide excellent and detailed analysis of the latest news in SCADA security.

Subscribe to RSS - eric byres