Submitted by Eric Byres on Tue, 2012-05-29 21:00
Over the weekend a new super worm exploded onto the cyber security landscape. Known as Flame or sKyWIper, it appears to be targeting sites in the Middle East, just like the Stuxnet and Duqu worms did. But what does it have to do with SCADA or ICS security? At this stage the answer appears to be nothing and…everything.
Submitted by oliver.kleineberg on Wed, 2012-05-23 21:00
Note from Eric Byres: Oliver Kleineberg makes his debut today as a blogger for Practical SCADA Security and we welcome his expertise in the areas of fault tolerance and redundant networking. He has recently joined Tofino Security from Hirschmann, our sister company, based in Germany (and both of our groups are part of Belden).
Submitted by Joel Langill on Wed, 2012-04-25 14:28
In Part 1 of this series, I explained what a stateless firewall is and the hazards of stateless security. In this article I will show you just how dangerously insecure these devices are.
Submitted by Joel Langill on Wed, 2012-04-11 11:45
Submitted by Eric Byres on Wed, 2012-04-04 21:00
Deep Packet Inspection (DPI) is important for the future of SCADA / ICS security - and in this article I explain why.
DPI SCADA Security: Reviewing the Basics
In Part 1 of this series I explained DPI technology in detail. To review, the traditional IT firewall examines the TCP/IP and Ethernet headers in the network messages it sees. It then makes decisions whether to allow or block a message based on this limited information.
Submitted by Eric Byres on Thu, 2012-03-29 14:31
I have talked repeatedly about something called Deep Packet Inspection (DPI) and why it is so important for SCADA / ICS security (for example, see Air Gaps Won’t Stop Stuxnet’s Children). The trouble is, I have never described what DPI actually is. So in today’s blog I will back up and explain what DPI firewall technology is all about.
Submitted by Eric Byres on Wed, 2012-03-21 13:47
In my earlier column on the philosophy of Defense in Depth, I discussed how relying on a single defensive solution exposes a system to a single point of failure. No matter how well designed or strong that single defense is, either resourceful adversaries or Murphy’s Law eventually results in the defense malfunctioning or being bypassed. When that happens, the entire system is wide open to attack.
Submitted by Eric Byres on Fri, 2012-01-20 14:08
I am flying home from Digital Bond’s S4 SCADA Security Symposium as I write this (BTW this was a stellar event where, even as a security expert, I learnt an amazing amount). After listening to two days of excellent, but scary talks, the first thing that comes to mind is “SCADA/ICS security is in worse shape than I thought”. Much worse shape…
Submitted by David Alexander on Mon, 2011-10-24 10:02
Recently Rob Hulsebos wrote an article for this blog where he raised the perennial problem of programming errors contributing to security vulnerability. I have a newsflash for you - this isn’t new. It may be a new concept to some in the world of Industrial Control Systems, but it’s been a problem for software engineers since about 5 seconds after the first ever program successfully compiled.
Submitted by Eric Byres on Thu, 2011-09-29 09:45
It has been almost 25 years since I first started working in the industrial network field and 15 years since I first focused on SCADA and ICS security. From the start, I have been amazed at how difficult it is to get people to see the whole picture.
For example, control engineers know what a PLC or control loop is, but constantly underestimate the impacts that cyber threats have on their industrial processes. IT professionals understand the risks, but often don’t understand the processes and components.
Submitted by Eric Byres on Wed, 2011-08-17 11:08
Last week I discussed the first steps to take to get started to improve ICS and SCADA Security in your facility. Those steps included:
- Step 1 - Conducting a Security Risk Assessment,
- Step 2 - Learning Industrial Cyber Security Fundamentals, and
- Step 3 - Understanding the Unique Requirements of ICS and SCADA Cyber Security.
This week I discuss the remainder of the process.
Submitted by Eric Byres on Wed, 2011-08-10 15:02
The furor over the Siemens vulnerabilities and the fear that Son-of-Stuxnet could be around the corner has raised awareness of the need for cyber security to be taken seriously by the process and critical infrastructure industries.
Submitted by Eric Byres on Wed, 2011-07-20 12:56
Submitted by Eric Byres on Tue, 2011-04-26 21:00
One of the mantras about good SCADA security is that it is primarily dependent on people and processes, not technology.
Thus if you have an ICS security problem, first look for solutions such as user training or better processes rather than technology solutions. This sounds good on the surface, but I’m not sure it’s true.
Performing tasks securely just isn’t part of human nature. Doing them the easiest way possible is. Unless the secure way is also the easy way, security will lose 9 times out of 10.
Submitted by Eric Byres on Tue, 2011-04-19 21:00
How can I reliably and easily secure my control system?
A lot of people are re-examining this question and giving it higher priority after learning about Stuxnet and the recent publishing of SCADA system vulnerabilities on the Internet. It is no longer possible to believe that ‘air gaps’ between your systems and the rest of the world, or ‘security by obscurity’, are effective security strategies.
Submitted by Eric Byres on Mon, 2011-04-18 11:08
Submitted by Eric Byres on Tue, 2011-04-12 21:00
When you hear the words “defense-in-depth” do you immediately think of layers of firewalls?
If so, you are not alone – most of us immediately think of security concepts in traditional physical security terms. For example, we imagine “more defense” as being more moats and castle walls around the crown jewels. But that is not the only way (or even the best way) to create secure ICS or SCADA systems.
Submitted by John Cusimano on Tue, 2011-04-05 11:18
The publication of numerous SCADA vulnerabilities by L. Auriemma last month, on top of the game-changing Stuxnet malware revealed last year, has exposed many security weaknesses in Industrial Control Systems (ICS). The weaknesses occur on two fronts: technology and human factors.
Submitted by Joel Langill on Fri, 2011-03-25 10:10
Submitted by Joel Langill on Wed, 2011-03-23 16:23
One of the unfortunate facts about security is that if you can find one vulnerability, you can usually find lots more. Vulnerabilities are not just bad luck – they are caused by a poor Software Security Assurance (SSA) process (or a complete lack of one). Next in line for blame are experienced professionals who do little in terms of security assessments prior to commissioning systems in actual production facilities.