ICS

32 Minutes to Understanding SCADA Security

Posted by Heather MacKenzie on Aug 01 2012

Engineers as well as IT staff in the process control and SCADA industries have varying levels of knowledge about industrial cyber security. We come across this regularly when talking to people at industry events or speaking with customers or partners. To help you, no matter where you are in the learning curve, we have recently released a five-part video series.

SCADA Security: New Vulnerability Disclosure Framework a Step Forward

Posted by ernest.hayden on Jul 26 2012

This is an excerpt from the Think Forward blog at verizonbusiness.com

S4 SCADA Security Symposium Takeaway: Time for a Revolution

Posted by Eric Byres on Jan 20 2012

I am flying home from Digital Bond’s S4 SCADA Security Symposium as I write this (BTW this was a stellar event where, even as a security expert, I learnt an amazing amount). After listening to two days of excellent, but scary talks, the first thing that comes to mind is “SCADA/ICS security is in worse shape than I

Schneider Vulnerabilities: Where are the ICS/SCADA End Users?

Posted by Eric Byres on Dec 16 2011

On December 12, Rubén Santamarta publicly announced details of multiple vulnerabilities affecting the Schneider Electric Quantum Ethernet Module.

Getting Started on ICS and SCADA Security (Part 2 of 2)

Posted by Eric Byres on Aug 17 2011

Last week I discussed the first steps to take to get started to improve ICS and SCADA Security in your facility. Those steps included:

New SCADA Security Reality: Assume a Security Breach

Posted by Eric Byres on Jul 20 2011

Earlier this month I came across a great article called “The new paradigm for utility information security: assume your security system has already been breached” by Ernie Hayden of Verizon’s Global Energy & Utility Practice. I highly recommend you read it, for the reasons I explain in this blog post.

“Son-of-Stuxnet” - Coming Soon to a SCADA or PLC System Near You

Posted by Eric Byres on May 31 2011

In the past two months, the number of serious security vulnerabilities being reported in SCADA and ICS products has sky rocketed. In late March, I blogged about how Luigi Auriemma published 34 vulnerabilities (with free exploit code) for 4 popular HMI packages.

Protecting your ICS from Zero-Day Attacks (plus Video)

Posted by Joel Langill on May 02 2011

Nowadays Stuxnet has become a household term the second anyone talks about cyber security for industrial control systems (ICS). This sophisticated piece of malware first identified in 2010, showed just how powerful an ICS compromise could be in terms of both the impact to manufacturing operations and the possibility of mechanical damage.

Simpler SCADA Security Beats More User Training

Posted by Eric Byres on Apr 26 2011

One of the mantras about good SCADA security is that it is primarily dependent on people and processes, not technology.

Thus if you have an ICS security problem, first look for solutions such as user training or better processes rather than technology solutions. This sounds good on the surface, but I’m not sure it’s true.

Protecting your ICONICS GENESIS SCADA HMI System from Security Vulnerabilities (plus White Paper)

Posted by Joel Langill on Mar 25 2011

As mentioned in a blog article we wrote earlier this week, an Italian “Security Researcher” named Luigi Auriemma published thirty-four SCADA product vulnerabilities against four SCADA products (the complete list of vulnerabilities and compa

ICS

"Understanding Deep Packet Inspection for SCADA Security"