SCADA

Industrial Data Compromise – the New Business Risk

Today is the day that Tofino Security is announcing that I have joined their team.  I am very excited about this, particularly because I believe that industrial cyber security is the next major impactful technology to hit the automation industries.

I am also excited to be joining Eric and Joann Byres and their group; people I have high regard for, as I believe Tofino Security technology is poised to lead the way in protecting the critical infrastructure industries.

Schneider Vulnerabilities: Where are the ICS/SCADA End Users?

On December 12, Rubén Santamarta publicly announced details of multiple vulnerabilities affecting the Schneider Electric Quantum Ethernet Module. These are serious vulnerabilities, involving hard-coded passwords that give an attacker complete access to the device.  As Reid Wightman puts it 

The Italian Job – Multiple SCADA / ICS Vulnerabilities Go Public

Selling the concept of security for SCADA and ICS might still be struggling, but publishing vulnerabilities for SCADA and ICS equipment seems to be a growth industry.

Thirty-Four SCADA Product Vulnerabilities

On Monday an Italian “Security Researcher” published a raft of vulnerabilities (34 in all) against four SCADA products. Below are the affected products with links to the US-CERT announcements:

ISA99 Stuxnet Gap Assessment – Why It’s Important

Last week the International Society of Automation (ISA) announced that a new committee, ISA99 WG5 TG2, has been struck to conduct a gap analysis of the current ANSI/ISA-99 standards with respect to Stuxnet. The goal is to determine if companies following the standards would have been protected from advanced persistent threats (APTs) such as Stuxnet. If not, then the committee will identify what changes are needed.

I have been asked to Chair the committee and I am writing today to let you know about its work, to explain why it is important, and to ask for your participation.

A Nasty New World of Cyber Threats for ICS and SCADA Security

February has not been a good month for ICS and SCADA security, at least not if you want to feel secure.

The Amazing Mr. Stuxnet

Week after week, the Stuxnet worm continues to amuse and astound all of us that have studied it. Last week it was Ralph Langner’s detailed analysis that showed Stuxnet wasn’t just infecting Windows boxes and stealing data, it was specifically designed to modify PLC logic so it could destroy a physical process. Next it is the amazing number of Windows zero-day vulnerabilities* it exploits to do its dirty work.

Stuxnet - I was wrong

Back in July when Stuxnet first became public, I wrote in our Siemens PCS7 WinCC Malware White Paper and told anyone that would listen that Stuxnet was targeted at stealing intellectual property from process systems. The code we analyzed showed Stuxnet performing SQL database accesses and process information uploading to servers in Denmark and Malaysia, so this seemed like a sure answer.

Passwords: Real Bad Security (But We Have To Live With Them)

One of the best things about the whole Stuxnet worm fiasco is that it has brought one of the biggest security issues – the use and abuse of passwords – into focus. Currently most of the discussion has focused on Siemens’ unfortunate use of fixed default passwords in their products (for example, see Joe Weiss’ post on http://news.infracritical.com/pipermail/scadasec/2010-August/001756.html).

Sample ICS Security Incident: Hackers Shut Down Crude Oil Loading Terminal For 8 Hours

We had a request recently from a reader to provide an example of a malicious attack by outsiders on a control system, how it was done, and what impact it had on the plant and the owner. This is surprisingly tough to do, because according to RISI the vast majority of security incidents are internal and/or accidental in nature. Additionally, people whose control systems have been hacked do not like to talk about it - why give attackers more info and ideas than they already have?

Why Stuxnet Affects All Windows Systems

If you have been reading the various advisories on the Stuxnet malware, you would be forgiven for thinking that only computers running relatively new versions of the Windows systems are vulnerable to this worm. For example, the Siemens Stuxnet advisory states; “The virus affects operating systems from XP and higher.” Does that mean if I am running Windows 2000 servers I am immune?

Unfortunately, the answer is NO! Based on our testing, all versions of Windows are vulnerable to Stuxnet, regardless of age.

Why Another Security Blog? Stuxnet Shows Why.

Over the past half decade I have avoided creating blog on cyber security.  After all, there certainly are plenty of blogs out there, and some provide excellent and detailed analysis of the latest news in SCADA security.

Subscribe to RSS - SCADA