ICS

More SCADA Security Threats: Where There’s Smoke, There’s Fire

Posted by Joel Langill on Mar 23 2011

One of the unfortunate facts about security is that if you can find one vulnerability, you can usually find lots more. Vulnerabilities are not just bad luck – they are caused by a poor Software Security Assurance (SSA) process (or a complete lack of one).

The Italian Job – Multiple SCADA / ICS Vulnerabilities Go Public

Posted by Eric Byres on Mar 23 2011

Selling the concept of security for SCADA and ICS might still be struggling, but publishing vulnerabilities for SCADA and ICS equipment seems to be a growth industry.

Thirty-Four SCADA Product Vulnerabilities

Summing up Stuxnet in 4 Easy Sections - (plus Handy Presentation)

Posted by Eric Byres on Mar 21 2011

There has been a lot of media coverage and discussion of the Stuxnet malware, and its impact on industrial control system (ICS) and SCADA security. We are one of the groups guilty of creating a Stuxnet publishing industry.

The Many Paths of Stuxnet – How Robust are Today’s Best Practice Systems?

Posted by Eric Byres on Feb 22 2011

Over the past four months, Joel Langill, Andrew Ginter and I have been working on a really cool research project. We have been investigating how Stuxnet would infect an industrial site protected by a “high security architecture.”

A Nasty New World of Cyber Threats for ICS and SCADA Security

Posted by Eric Byres on Feb 18 2011

February has not been a good month for ICS and SCADA security, at least not if you want to feel secure.

Vendor Vulnerability Reports

Stuxnet: Staying Ahead of the Bad Guys

Posted by Eric Byres on Feb 11 2011

Last week I had the chance to attend a very interesting seminar at the Stanford Research Institute called the DHS/SRI Infosec Technology Transition Council Meeting (ITTC). It wasn’t focused on SCADA or ICS or even Stuxnet, yet some of the talks had a lot of applicability to the control systems world.

Industrial Network Security – is the Process Control World getting Serious about it?

Posted by Eric Byres on Jan 24 2011

Recently a partner of ours, Invensys Operations Management, won the prestigious Breakthrough Product of the Year Award for 2010 from Processing Magazine.

Stuxnet Guidance: The Good, the Bad and the Ugly

Posted by Eric Byres on Jan 17 2011

Over the past month, there has been no shortage of reports on how Stuxnet is attacking the Iranian Nuclear Program. Unfortunately, good advice on what exactly Industrial Control System (ICS) owner/operators can do to protect themselves against Stuxnet (and its future offspring) is in short supply. In fact much of what passes as technical guidance is either too IT-focused or simply wrong.

Human Centered Design is Key to Industrial Control Systems Security and Safety

Posted by Ron Southworth on Dec 21 2010

In reviewing material about Industrial Control Systems (ICS) there is one element that, in my opinion, is the most important factor to consider - especially in light of the recent hubbub about Stuxnet and ICS Security. That element is human centered design.

Sample ICS Security Incident: Hackers Shut Down Crude Oil Loading Terminal For 8 Hours

Posted by Scott Howard on Aug 17 2010

We had a request recently from a reader to provide an example of a malicious attack by outsiders on a control system, how it was done, and what impact it had on the plant and the owner. This is surprisingly tough to do, because according to RISI the vast majority of security incidents are internal and/or accidental in nature.

ICS

"Understanding Deep Packet Inspection for SCADA Security"