Protecting Your ICS from Zero-Day Attacks
Video From: SCADAhacker.com, April 2011
Cyber security for industrial control systems is now receiving a lot of attention due in part to the devastating power of the Stuxnet worm and its impact on the Iranian nuclear program in 2010, but also with the disclosure of 34 vulnerabilities on various control systems in March 2011.
Analysis of the 7-Technologies IGSS Security Vulnerabilities for Industrial Control System Professionals
A number of previously unknown security vulnerabilities in the 7-Technologies Interactive Graphics SCADA System (IGSS) product have been publically disclosed. The release of these vulnerabilities included proof-of-concept (PoC) exploit code.
This White Paper summarizes the current known facts about these vulnerabilities. It also summarizes the actions that operators of SCADA and ICS systems can take to protect critical operations.
Analysis of the ICONICS GENESIS Security Vulnerabilities for Industrial Control System Professionals
A number of previously unknown security vulnerabilities in the ICONICSTM GENESIS32TM and GENESIS64TM ICS/SCADA products have been publically disclosed.
This White Paper documents the current known facts about these vulnerabilities. It then summarizes the actions that operators of SCADA and ICS systems can take to protect critical operations.
News coverage following the release of the White Paper "How Stuxnet Spreads – A Study of Infection Paths in Best Practice Systems" by Eric Byres, Andrew Ginter, and Joel Langill.
Podcast from: Digitalbond.com, February 2011
Dale Peterson of DigitalBond.com talks with Eric Byres CTO Tofino Security, Andrew Ginter of Abterra Technologies and Joel Langill of SCADAhacker.com, the three authors of the new 26-page whitepaper "How Stuxnet Spreads – A Study of Infection Paths in Best Practice Systems." 37:27 - 1:08:30
New "How Stuxnet Spreads" White Paper by three leading industrial security experts describes Stuxnet infection pathways and discusses how to protect SCADA systems......
The Stuxnet worm is a sophisticated piece of computer malware designed to sabotage industrial processes controlled by Siemens SIMATIC WinCC and PCS 7 control systems.
This paper describes an example of a site following high security architecture best practices and then shows the ways that the worm could make its way through the defences of the site to take control of the process and cause physical damage.
The paper closes with a discussion of the lessons that can be learned from the analysis of Stuxnet’s propagation pathways. It explains how owners of critical systems need to respond to protect control systems from future threats of this type.
New Stuxnet White Paper: Analysis of the Siemens WinCC / PCS7 “Stuxnet” Malware for Industrial Control System Professionals.
Stuxnet is a computer worm designed to take advantage of a number of previously unknown vulnerabilities present in the Windows operating system and Siemens SIMATIC WinCC, PCS7 and S7 product lines.
It was designed to target one or more industrial systems that use Siemens PLCs with the apparent objective of sabotaging industrial processes.
This White Paper summarizes the current known facts about the Stuxnet worm and the actions that operators of SCADA and ICS systems can take to protect critical operations.
Also included is Joel Langill's excellent video that shows in detail how Stuxnet infects a system.