Cyber security

New Stuxnet White Paper: Analysis of the Siemens WinCC / PCS7 “Stuxnet” Malware for Industrial Control System Professionals.

Stuxnet is a computer worm designed to take advantage of a number of previously unknown vulnerabilities present in the Windows operating system and Siemens SIMATIC WinCC, PCS7 and S7 product lines.

It was designed to target one or more industrial systems that use Siemens PLCs with the apparent objective of sabotaging industrial processes.

This White Paper summarizes the current known facts about the Stuxnet worm and the actions that operators of SCADA and ICS systems can take to protect critical operations.

Also included is Joel Langill's excellent video that shows in detail how Stuxnet infects a system.

Belden has recently introduced version 1.6.0 of its Hirschmann™ EAGLE20 Tofino industrial network security system, including the new EAGLE20 Tofino OPC Enforcer Loadable Software Module (LSM). Developed by Byres Security Inc. for Hirschmann™, the OPC Enforcer locks down any system using the widely installed OPC Classic protocol, providing superior security over what can be achieved with conventional firewall solutions.

by Eric Byres, security expert and CTO of Byres Security and Thomas J. Burke, President, OPC Foundation.

OPC Classic is a software interface technology used to facilitate the transfer of data between different industrial control systems. It is widely used to interconnect Human Machine Interface (HMI) workstations, data historians and other hosts on the control network with enterprise databases, Enterprise Resource Planning (ERP) systems and other business-oriented software. Unfortunately, securely deploying OPC Classic has proven to be a challenge until recently.

Most automation specialists are shocked to find out how much traffic is on their production control networks. Find out how installing the latest technology and adopting tighter policies for securing production networks can help to protect the integrity of critical control, safety, and regulatory data and processes.