Practical SCADA Security

Control System Security Threats, Security / Reliability Incidents, Useful Industrial Cyber Security Tips

submitted by: Eric Byres
on: Thu, 2010-10-21 10:49

Our goal with this blog is to provide you with practical information to help you avoid network incidents that disrupt operations.

With this in mind, today we are releasing a Stuxnet Mitigation Matrix that presents easy-to-follow actions to take against Stuxnet.

The Stuxnet Mitigation Matrix by Tofino Security (PDF) is a printable version of the mitigation matrix that includes dynamic links to detailed information on each of the patches and mitigations.

submitted by: Eric Byres
on: Thu, 2010-10-14 17:18

Last week, Rick Kaun in his blog “[In]security Culture”, blasted the “security vendors” who were claiming that if the ICS/SCADA world used their offering, we would have avoided the whole Stuxnet mess. As Rick very correctly points out, this is complete rubbish - there is no silver bullet for security in general, but in the Stuxnet case it is dangerously inaccurate.

submitted by: Scott Howard
on: Tue, 2010-10-05 11:02

It is no secret that control systems have changed dramatically over the last 25 years. While those changes have brought great rewards, they have also introduced fierce threats, like Stuxnet.

Sometimes, however, it’s helpful to step back and look at those changes from a distance. What types of things have changed? What were the drivers that caused the change to happen? Maybe (if we’re lucky) we can use the knowledge gained from this reflection to predict how control systems are likely to evolve in the next decade or so.

submitted by: Eric Byres
on: Fri, 2010-10-01 12:26

I have just come back from three very interesting presentations by Symantec, Microsoft and Kaspersky Labs at the Virus Bulletin 2010 conference. For two hours they discussed their latest findings on Stuxnet, the PLC/SCADA-targeting worm of the decade.

submitted by: Eric Byres
on: Thu, 2010-09-23 10:07

Week after week, the Stuxnet worm continues to amuse and astound all of us who have studied it. Last week it was Ralph Langner’s detailed analysis that showed Stuxnet wasn’t just infecting Windows boxes and stealing data, it was specifically designed to modify PLC logic so it could destroy a physical process. Next it is the amazing number of Windows zero-day vulnerabilities it exploits to do its dirty work.