Articles & Presentations

Using ANSI/ISA-99 standards to improve control system security

February 2012

Article from: Industrial Ethernet Book, February 2012

Today, operators are being asked to isolate automation systems just as ever greater interconnectedness is demanded. Adding to these pressures is the growing fear of cyber attacks such as the infamous Stuxnet.

In this article Eric Byres explains how the ‘zone and conduit’ model included in the ANSI/ISA-99 security standards provides a framework for dealing with network security concerns, including fears of the " Son-of-Stuxnet".

Member Login Required

Due to the sensitive nature of this document, you must be logged in to access it.

Cyber Espionage comes to SCADA Security

February 2012

Article from: Automation.com, February 2012

SCADA and Industrial Control Systems operators have been under pressure to increase productivity and reduce costs through network integration. In addition, proprietary network technologies are being replaced with commercial-off-the-shelf technologies.

At the same time, advanced persistent threats such as Stuxnet, Night Dragon, Duqu and Nitro have made industrial systems their targets.

In this article Eric Byres summarizes the impacts of the new threats and discusses how their purpose may not be process destruction, but industrial espionage.

Member Login Required

Due to the sensitive nature of this document, you must be logged in to access it.

Cyber Espionage comes to Automation and SCADA

February 2012

Article from: A&D Magazine, www.AuD24.net (Originally Published in German)

In this article Eric Byres discusses how SCADA and industrial control systems are vulnerable to cyber attacks, such as Stuxnet and Stuxnet's children.

This vulnerability is unavoidable due to the fact that modern industry depends on electronic information from the outside world to operate. Find out about Eric's suggestions for mitigating this risk.

Member Login Required

Due to the sensitive nature of this document, you must be logged in to access it.

Protecting OPC Servers

January 2012

Article in: EngineerIT Magazine, January 2012

OPC, originally called OLE for process control, is used extensively in control systems to provide interoperability between devices and software from different vendors.

In this article, Gary Friend of Extech Safety Systems provides a summary of the security issues related to OPC, and shows how an OPC enforcer can be used to protect OPC servers and clients.

Digital danger zone: Tackling cyber security

January 2012

Article from: arabianOilandGas.com, Utilities-me.com, January 2012

The protection of critical national infrastructure has long been a serious concern to governments in the Middle East. Achieving this is no longer to limited to physical security; it now includes the very real and growing need to enhance cyber security.

This article discusses the increasing number of international cyber attacks and the challenges of securing networks and control systems in the national oil, gas, power, water and electricity sectors. Eric Byres and other experts comment on current security concerns and suggest ways of dealing with them.

Member Login Required

Due to the sensitive nature of this document, you must be logged in to access it.

SCADA Security: New Standards Protecting Old Technology

December 2011

Article in: Electric Energy Magazine, December 2011

Supervisory Control and Data Acquisition (SCADA) systems have undergone a technological revolution over the past 20 years that has been nothing short of mind-boggling.

In this article, Scott Howard, System Architect at Byres Security Inc., explains how the integration of new technologies can subject existing SCADA systems to new stresses and threat sources that the systems were never designed to handle.

Must Industry Choose Between Security or Efficiency?

November 2011

Article from: Automation.com, November 2011

Automation.com ran two side-by-side articles in its Programmable Automation Controllers (PAC) Update eNewsletter:

Really, Really, Really Cyber Secure

Automation & Control Getting iPhone App Enabled

The contrast between these two articles beautifully captures an issue the automation industry must resolve in the next few years.

Eric Byres questions "must we sacrifice these gains in efficiency that modern technologies offer if we want our utilities and factories to be secure?"

Member Login Required

Due to the sensitive nature of this document, you must be logged in to access it.

SCADA and CIP Security in a Post-Stuxnet World

October 2011

Presentation from: Byres Security, October 2011

"SCADA and CIP Security in a Post-Stuxnet World" summarizes a lot of information about the Stuxnet malware and how it has affected SCADA and CIP security. The presentation also goes into detail about the possibilities of a Son-of-Stuxnet.

The presentation is ideal for anyone needing a crash course on Stuxnet, or as a tool for informing management about the implications of it.

Member Login Required

Due to the sensitive nature of this document, you must be logged in to access it.

Mission Critical Security in a Post-Stuxnet World

September 2011

Presentation from: Byres Security, September 2011

This 2-part presentation, "Mission Critical Security in a Post-Stuxnet World," contains slides from the Hirschmann 2011 Mission Critical Network Design Seminar. It summarizes a lot of information about the Stuxnet malware and discusses what it means for the future of SCADA and ICS security.

The presentation is ideal for anyone needing a crash course on Stuxnet, or as a tool for informing management about the implications of it.

Cyber Security Threats: Expert Interview with Eric Byres, Part 1

August 2011

Article from: Automation.com, August 2011

Cyber Security is a hot topic that has become more intense since the notoriety of the Stuxnet virus.

In this article, Bill Lydon, Editor at Automation.com, interviews Eric Byres to gain a greater understanding of the challenges and solutions for industrial cyber security.