Protecting your Plant, written by Byres Security CTO Eric Byres, has been recognized with a Midwest Silver award from the American Society of Business Publications Editors (ASBPE)....
In this video Eric Byres, CTO of Byres Security, describes how the Tofino™ Industrial Security Solution protects critical infrastructure from threats that penetrate or bypass IT firewalls.....
The ability to efficiently compare differing security solutions for effectiveness is often considered lacking from a management perspective. To address this we propose a framework for estimating the mean time-to-compromise (MTTC) of a target system for use as a comparative security metric. This MTTC is calculated through a three step process.
First a topological map of the target system is divided into attack zones, allowing each zone to be described with its own state-space model (SSM).
We will probably never know how the Slammer worm made it into this facility, but the fact is that once the worm was on the inside, it found a very soft target and really could begin to do its worst...
Eric Byres; "Wolves at the Door(s) of the House of Straw", CONTROL Magazine, December 2007
Abstract: This White Paper is the first in a series on the security of OPC (OLE for Process Control) and focuses on providing an overview of the widely-used industrial communication standard and how it is actually used in industry. Based on the results of end-user surveys and interviews, it shows that the way OPC is being used may be putting the operations of major industries at risk.
Abstract: In this third White Paper of the OPC Security Series, we outline how a server or workstation running OPC can be secured in a simple and effective manner.
Anyone reading InTech over the last five years will have seen many articles on the need to secure control systems from cyber attack. Nearly all include descriptions of actual security incidents that will concern even the most hardened control specialist...
Eric Byres; "Making Cyber Security Work in the Refinery", InTech Magazine, October 2007
E.J. Byres, D. Hoffman and N. Kube; “On Shaky Ground - A Study of Security Vulnerabilities in Control Protocols”, 5th American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Controls, and Human Machine Interface Technology, American Nuclear Society, Albuquerque, NM, November 2006
E.J. Byres and A. Creery; “Industrial Cybersecurity For Power System And SCADA Networks”, Proceedings of the IEEE Petroleum and Chemical Industries Conference, Institute of Electrical and Electronics Engineers, Denver, September 200
Corporations and PCN vendors are incapable of taking action to improve the security posture of the current or future process environments without specific solution requirements. Just saying "we need firewalls and encrypted SCADA protocols" is not enough.
Over the past year (2003) I've written about the serious security risks in using IEEE 802.11—a k a Wireless Ethernet or Wi-Fi—on the plant floor. With all my ranting, you’d think I was against using wireless networks in process control, but I actually like and use Wi-Fi a lot. It is simply too useful to be dismissed...
E.J. Byres; “Designing Secure Networks for Process Control”, IEEE Industry Applications Magazine, Institute of Electrical and Electronics Engineers, New York, Vol. 6, No. 5 p. 33 -39, September/October 2000
Abstract: This White Paper is the first in a series on the security of OPC (OLE for Process Control) and focuses on providing an overview of the widely-used industrial communication standard and how it is actually used in industry. Based on the results of end-user surveys and interviews, it shows that the way OPC is being used may be putting the operations of major industries at risk.
