siemens

#1 ICS and SCADA Security Myth: Protection by Air Gap

Editor's Note: This is an updated version of this article, which was first published on June 30, 2011.

Recently I gave a talk focused on air gaps as a security strategy in control systems. The talk was at the AusCERT 2012 conference and to my amazement, it generated a large amount of discussion in the media both inside and outside Australia. Here are a few examples:

Siemens PLC Security Vulnerabilities – It Just Gets Worse

My optimism regarding Siemens and its approach to SCADA/ICS security has just taken another big hit. There are major security problems at Siemens and they are not close to fixing them.

I am embarrassed I gave them such high marks in my previous blogs.

Siemens Cyber Security Report Card (Part 2 of 2) (plus Presentation)

This article continues our review of Siemens’ announcements and posture regarding cyber security as reflected at their Automation Summit last week.  Part 1 of this post was published yesterday.

New Siemens Products for Enhanced Cyber Security

Christoph Lehmann, from Siemens Germany, focused on many of the new products and services that Siemens is currently developing (or has recently released) to improve control system security.  A few noteworthy ones are mentioned here.

Siemens Cyber Security Report Card (Part 1 of 2) (plus Presentation)

The Siemens Automation Summit was held last week and both Joel Langill and I attended it, presented at it, and engaged in social media commentary regarding it.  This article will summarize our opinion of Siemens’ announcements and posture regarding cyber security as we reflected on the conference.  We assign grades to various aspects of Siemens’ cyber security measures or policies, and we will sum it up with a final grade at the end of Part 2.

Blaming Vendors Doesn’t Fix Today’s SCADA Security Issues

Last week in his blog article, Fix the Problem, Stop Bailing out Vendors, Dale Peterson made an impassioned statement that the SCADA security community:

“needs to put all our efforts and emphasis in the PLC, RTU, controller space on getting vendors to add basic security features to their models available for sale today… We should not say or pretend that any other solution besides this is acceptable. Fix the problem!”

Protecting Siemens S7-1200 PLCs against Security Vulnerabilities, Part 3/3

Over the past week, I have been digging into the Siemens S7 PLC vulnerabilities that were discovered by Dillon Beresford at NSS Labs in May. In the first blog article, I analyzed the contradictory information being circulated in an attempt to scrape out a few facts and guesses on what PLC products are actually affected and what the nature of the vulnerabilities is.

Siemens S7-1200 PLC Security Vulnerabilities, Part 2/3

In my previous blog, I analyzed the contradictory information being circulated regarding the Siemens S7 PLC vulnerabilities that were discovered by Dillon Beresford at NSS Labs in May. By studying the various Siemens and NSS notices, we were able to scrape out a few facts.

Digging for Facts on the Siemens S7-1200 PLC Security Vulnerabilities, Part 1/3

The recent news that Dillon Beresford at NSS Labs had discovered somewhere between four and six serious vulnerabilities in the Siemens S7 PLC product has created quite a storm of news and concern for critical asset owners. Unfortunately, information on the range and severity of the vulnerabilities has been contradictory.

The Italian Job – Multiple SCADA / ICS Vulnerabilities Go Public

Selling the concept of security for SCADA and ICS might still be struggling, but publishing vulnerabilities for SCADA and ICS equipment seems to be a growth industry.

Thirty-Four SCADA Product Vulnerabilities

On Monday an Italian “Security Researcher” published a raft of vulnerabilities (34 in all) against four SCADA products. Below are the affected products with links to the US-CERT announcements:

The Many Paths of Stuxnet – How Robust are Today’s Best Practice Systems?

Over the past four months, Joel Langill, Andrew Ginter and I have been working on a really cool research project. We have been investigating how Stuxnet would infect an industrial site protected by a “high security architecture.”

The Amazing Mr. Stuxnet

Week after week, the Stuxnet worm continues to amuse and astound all of us who have studied it. Last week it was Ralph Langner’s detailed analysis that showed Stuxnet wasn’t just infecting Windows boxes and stealing data, it was specifically designed to modify PLC logic so it could destroy a physical process. Next it is the amazing number of Windows zero-day vulnerabilities it exploits to do its dirty work.

Stuxnet - I was wrong

Back in July when Stuxnet first became public, I wrote in our Siemens PCS7 WinCC Malware White Paper and told anyone that would listen that Stuxnet was targeted at stealing intellectual property from process systems. The code we analyzed showed Stuxnet performing SQL database accesses and process information uploading to servers in Denmark and Malaysia, so this seemed like a sure answer.

Why Stuxnet Affects All Windows Systems

If you have been reading the various advisories on the Stuxnet malware, you would be forgiven for thinking that only computers running relatively new versions of the Windows systems are vulnerable to this worm. For example, the Siemens Stuxnet advisory states: “The virus affects operating systems from XP and higher.” Does that mean if I am running Windows 2000 servers I am immune?

Unfortunately, the answer is NO! Based on our testing, all versions of Windows are vulnerable to Stuxnet, regardless of age.

Why Another Security Blog? Stuxnet Shows Why.

Over the past half decade I have avoided creating a blog on cyber security. After all, there certainly are plenty of blogs out there, and some provide excellent and detailed analysis of the latest news in SCADA security.
