Practical SCADA Security

Control System Security Threats, Security / Reliability Incidents, Useful Industrial Cyber Security Tips

Eric Byres
Tuesday, April 19, 2011

How can I reliably and easily secure my control system?

A lot of people are re-examining this question and giving it higher priority after learning about Stuxnet and the recent publishing of SCADA system vulnerabilities on the Internet. It is no longer possible to believe that ‘air gaps’ between your systems and the rest of the world, or ‘security by obscurity’, are effective security strategies.

In considering how to approach ICS and SCADA security nowadays, a significant factor to be dealt with is the widespread use of commercial off-the-shelf (COTS) information technologies like Windows and Ethernet on critical control systems....

Eric Byres
Monday, April 18, 2011

At approximately 11:00 a.m. EDT last Saturday morning (April 16, 2011), The Repository for Industrial Security Incidents (RISI) received the following email:

Subject: Florida Power & Light Company (FPL) Fort Sumner Wind turbine Control SCADA was HACKED

Message: Here comes my revenge for illegitimate firing from Florida Power & Light Company (FPL) ... ain't nothing you can do with it, since NM electricity is turned off !!! In some days this people will know about FLP SCADA...

Eric Byres
Tuesday, April 12, 2011

When you hear the words “defense-in-depth” do you immediately think of layers of firewalls?

If so, you are not alone – most of us immediately think of security concepts in traditional physical security terms. For example, we imagine “more defense” as being more moats and castle walls around the crown jewels. But that is not the only way (or even the best way) to create secure ICS or SCADA systems.

Today we are releasing a White Paper with MatrikonOPC that shows how security layers can work in other ways.  The paper illustrates how security threats come in different flavors and how defensive layers can be optimized to...

John Cusimano
Tuesday, April 5, 2011

The publication of numerous SCADA vulnerabilities by L. Auriemma last month, on top of the game-changing Stuxnet malware revealed last year, has exposed many security weaknesses in Industrial Control Systems (ICS). The weaknesses occur on two fronts: technology and human factors.

Technology weaknesses exist in the communications technology, devices, and software applications used in the automation industry. Weak security cultures in organizations, inadequate security processes, and security products that are difficult to configure and manage are some of the human factors involved (for a further discussion on the human factors, see the White...

Joel Langill
Friday, March 25, 2011

As mentioned in a blog article we wrote earlier this week, an Italian “Security Researcher” named Luigi Auriemma published thirty-four vulnerabilities affecting four SCADA products (the complete list of vulnerabilities and companies is provided in the earlier article).

Eric Byres and I have tested the vulnerabilities and today we are releasing a White Paper that analyzes the ones affecting the ICONICS GENESIS32 and GENESIS64 products. The paper summarizes both the current known facts about the vulnerabilities and the...
