Submitted by Heather MacKenzie on Thu, 2012-10-25 21:00
Ed. Note: This is a significant update to an article first published on Sept 25, 2012. The original article is available as a download in Related Links.
Submitted by Eric Byres on Wed, 2012-10-17 13:23
Submitted by Eric Byres on Fri, 2012-10-12 21:00
Yesterday afternoon I received a note from another security expert that has left me a bit stunned. Like most of you, I assumed that if you are patching your Windows computers on your SCADA or ICS system (using some variation of Microsoft Windows Update), then any vulnerable services that can be patched will be patched. Well guess again – you may still have a number of open vulnerabilities that are happily being missed by the Windows update service.
Submitted by Heather MacKenzie on Thu, 2012-10-04 10:29
Submitted by David Alexander on Wed, 2012-09-19 21:00
To understand the problems faced by SCADA users, the team at Regency IT Consulting wanted to build a basic test rig. The goal with the rig was to help us understand the users’ challenges and to interact with the technology and protocols.
Submitted by eschweigert on Wed, 2012-09-12 15:23
Last week Eric Byres addressed the difference between SCADA, ICS and other jargon in our industry. This week I am going to address a question I am often asked “Why are industrial networks so hard to secure?” This is a big topic, so today I will address only “Why are PLCs so Insecure?”
Submitted by Eric Byres on Wed, 2012-09-05 21:00
Recently I saw a posting on LinkedIn asking “What’s the difference between a SCADA system and an ICS system, and if there is no difference, then why do we have two different names?”
This is a good question, because unless you have worked in the industrial automation field for a few decades, the terminology can seem very confusing. Not only do we have SCADA versus ICS, we also have terms like Process Control, Discrete Control, Industrial Automation, Manufacturing Automation Systems, Distributed Control Systems, Energy Management Systems and so on.
Submitted by Eric Byres on Wed, 2012-08-29 13:46
Editor's Note: This is an updated version of this article, which was first published on June 14, 2011.
Submitted by Eric Byres on Wed, 2012-08-22 10:33
Over the past month, I have received a number of emails and seen a number of LinkedIn articles suggesting that I was attacking the concept of data diodes when I stated that Air Gaps are a myth. Unfortunately, this is a serious misunderstanding of my message to the SCADA/ICS community.
Submitted by thomas.nuth on Tue, 2012-08-14 10:06
Finding a way to determine the right level of investment in ICS and SCADA Security has been an ongoing challenge for industry. In an earlier article the Total Cost of Ownership approach for calculating investment level was described. Today I present another method called Value at Risk (VaR).
Submitted by oliver.kleineberg on Thu, 2012-08-09 08:51
Virtual Local Area Networks (VLANs) should not be counted on as a security feature of modern managed Ethernet switch networks. This is now common knowledge, both in IT departments and in the Industrial Control Community. Indeed, in Eric Byres’ article "Why VLAN Security isn't SCADA Security at all", he points out that switches with VLANs are not firewalls. But are VLANs the boogeyman of industrial control system security...or are they underestimated helpers?
Submitted by Heather MacKenzie on Wed, 2012-08-01 21:00
Engineers as well as IT staff in the process control and SCADA industries have varying levels of knowledge about industrial cyber security. We come across this regularly when talking to people at industry events or speaking with customers or partners. To help you, no matter where you are in the learning curve, we have recently released a five-part video series.
This article summarizes the videos and provides you with direct access to them.
Submitted by ernest.hayden on Thu, 2012-07-26 12:54
Submitted by Eric Byres on Tue, 2012-07-17 10:18
Last week I discussed how security experts and ICS / SCADA vendors are giving up on the dream of the air gap as a viable security solution for the modern control system. Unfortunately, it is still all too easy to believe your control system is isolated.
Recently I had a very enlightening conversation with a control engineer who thought his system was air gapped.
Submitted by Eric Byres on Thu, 2012-07-12 21:00
Last week I updated my air gap blog from 2011. I noted some companies (like Siemens) no longer mention air gaps. Then to keep things balanced, I added new examples of consultants that support the air gap theory. In particular, I selected this quote from Paul Ferguson at Trend Micro:
Submitted by Eric Byres on Thu, 2012-07-05 11:17
Editor's Note: This is an updated version of this article, which was first published on June 30, 2011.
Recently I gave a talk focused on air gaps as a security strategy in control systems. The talk was at the AusCERT 2012 conference and to my amazement, it generated a large amount of discussion in the media both inside and outside Australia. Here are a few examples:
Submitted by Heather MacKenzie on Tue, 2012-06-26 21:00
Did Iran really detect a planned "massive cyber attack" against its nuclear facilities, as reported by Reuters last week? And, have they really “taken [the] necessary measures” to contain it?
Submitted by Eric Byres on Tue, 2012-06-19 21:00
Professor Paul Dorey recently presented a paper about the seven important lessons the IT world has learned in managing Advanced Persistent Threats (APTs). In this article, I will discuss lessons #2, #3 and #4, and how to apply these lessons to ICS and SCADA security.
Submitted by Eric Byres on Tue, 2012-06-12 21:00
Recently a very complex worm called Flame has been discovered attacking companies in the Middle East, and it is an excellent example of what security experts call an Advanced Persistent Threat (APT). Figuring out how to defend against APTs is a major focus in the IT security world.
Submitted by Eric Byres on Tue, 2012-06-05 21:00
The discovery of the Flame malware last week focused the cyber security world on the sophisticated strikes targeting energy companies in the Middle East. Although Flame’s goal was espionage rather than damaging operations as Stuxnet did, it has been seen as one more indication that the industrial world is now in the bull’s eye of clever attackers.