control systems

Control System Security in a Post-Stuxnet World

Control System Security in a Post-Stuxnet World

Control Network Secure Connectivity Simplified

The susceptibility of control systems to security issues continues to confront organizations. In this article, Scott Howard, Technical Sales Manager at Tofino Security, and Lisa Lorenzin, Principal Solutions Architect, Juniper Networks, collaborate to explain how adopting newer standards-based technologies for IT networks can help avoid compromises from attacks.

Control Network Secure Connectivity Simplified

Article in: InTech Web Exclusive, April 2011

The susceptibility of control systems to security issues continues to confront organizations. Although it is rare to penetrate a control system directly from the internet, the advanced hacker or typical worm still has many options created by corporate connections, remote support links, USB keys, laptops, etc.

Effective OPC Security for Control Systems

For the past decade, industrial control systems administrators and engineers wanted to believe that ‘air gaps’ or ‘security by obscurity’ would keep them safe from security threats.  Those days are over - recent security incidents such as the Stuxnet worm are a loud wakeup call for the industrial automation industry.

This White Paper explains the security advantages of limiting network interfaces and protocols, and recommends using OPC as a communications standard because of its ease of use and its widespread deployment.

IN11-504: Canadian CCIRC Vulnerability Note

The Canadian Cyber Incident Response Centre Information (CCIRC) Information Note IN11-504 on Cyber Threats and Vulnerabilities Against SCADA Systems summarizes hundreds of pages of security bulletins into a succinct document.

This note covers 8 important Vulnerabilities.

ICSJWG Fall 2010 Conference

Seattle, Washington

October 25 - 28, 2010

 

Tofino Security speaker:

Eric Byres, CTO

 

Date: Wednesday, October 27, 2010

Time: 14:15 - 15:00

Session: Track 2

 

Topic: SCADA and Control Systems Security: New Standards Protecting Old Technology

 

Joann Byres, CEO, also attended the conference.

 

2010 Belden Mission-Critical Network Design Seminar

Orlando, Florida

September 19 - 22, 2010

 

Tofino Security speaker:

Eric Byres, CTO

 

Topic: The Good, Bad, and the Ugly Futures of Control System Security

Date: Tuesday, September 21, 2010

 

US program to provide surveillance on critical infrastructure

As cyber attacks and espionage against critical infrastructure increase the US government is launching a program to protect critical infrastructure.  This program will target older computer control systems and its goal is to close serious security vulnerabilities in control and automation systems.

U.S. Plans Cyber Shield for Utilities, Companies

The Wall Street Journal
July 8th, 2010

Could Cyber Terrorists Attack Our Company?

Article in:  ControlGlobal, June 2010

The majority of control system cyber threats are unintentional, as discussed in this article that summarizes data from the Repository of Industrial Security Incidents (RISI).  Tips on how to start reducing the risk of cyber threats are provided.

Could Cyber Terrorists Attack Our Company?

Cybersecurity summit pays little attention to control system's security

Leading security experts and government officials met last week in Dallas at the EastWest Institute’s first annual Cyber Security summit.  Unfortunately, little attention was paid to control system security despite the threat of increasing infrastructure attacks.

Canvassing the cyber security landscape: Why energy companies need to pay attention

Recent news of a “highly sophisticated and targeted” cyber attack on Google, Yahoo, and perhaps on as many as a dozen other companies has once again brought the issue of cyber security to the top of the news.   The Journey of Energy Security dives into some of the energy industries historical background and outlines some of the key vulnerabilities, threats and risks that energy industry faces.

ABB Automation & Power World 2010

Houston, Texas
May 18 - 20, 2010

Tofino Security speaker:
Eric Byres, CTO

Topic: WCS-186-1 Tricks for making remote access to SCADA systems both easy and secure
Date: May 19, 2010

TOP 5 IN 2010: Automation technologies to watch for

Automationmag.com asked five industry experts to name the top five technologies and trends that will impact Canadian and worldwide manufacturers in 2010 and beyond.

New Tofino® Event Logger module reliably records SCADA security events and alarms

Tofino Security is announcing the introduction of the new Tofino® Event Logger Loadable Security Module as part of the Tofino Industrial Security Solution....

Cyber security for pipeline control systems

Article in: Pipeline & Gas Journal, February 2009

Eric Byres, CTO of Tofino Security, has published an article about cyber security and pipeline control systems in Pipeline and Gas Journal.....

CYBER SECURITY AND THE PIPELINE CONTROL SYSTEM

OPC Security White Paper #2 - OPC Exposed

Abstract: In this second White Paper of the OPC  Security Series, we describe the vulnerabilities typically found in OPC hosts, based on OPC’s current architecture and the typical underlying operating system. We also investigate common misconfiguration vulnerabilities found in OPC server or client computers both at the operating system and OPC application level. Finally, using these vulnerabilities we propose four possible risk scenarios for OPC-based attacks.

Making Cyber Security Work in the Refinery

Article in: InTech Magazine, October 2007

Anyone reading InTech over the last five years will have seen many articles on the need to secure control systems from cyber attack. Nearly all include descriptions of actual security incidents that will concern even the most hardened control specialist...

Eric Byres; "Making Cyber Security Work in the Refinery", InTech Magazine, October 2007

Safety and security in the world today

In the world today, we are relying more and more on the safety and security of software systems. The traditional view of safety-critical software is that it is concerned with avoiding logic bugs that could cause loss of life, whereas security concerns are about preventing unauthorized access and tampering. But are these two concerns really different?

Finding the Security Holes before the Hackers Do

E.J. Byres and M. Franz; “Finding the Security Holes before the Hackers Do”, ISA Technical Conference, Instrumentation Systems and Automation Society, Chicago, October 2005
 

The Special Needs of SCADA/PCN Firewalls: Architectures and Test Results

E.J. Byres, B. Chauvin, D. Hoffman, J. Karsch and N. Kube; “The Special Needs of SCADA/PCN Firewalls: Architectures and Test Results”, The 11th IEEE International Conference on Emerging Technologies and Factory Automation, Institute of Electrical and Electronics Engineers, Catania Italy, September 2005

Pages

Subscribe to RSS - control systems