Practical SCADA Security

Control System Security Threats, Security / Reliability Incidents, Useful Industrial Cyber Security Tips

32 Minutes to Understanding SCADA Security
Heather MacKenzie
Wednesday, August 1, 2012

Engineers as well as IT staff in the process control and SCADA industries have varying levels of knowledge about industrial cyber security. We come across this regularly when talking to people at industry events or speaking with customers or partners. To help you, no matter where you are in the learning curve, we have recently released a five-part video series.

 

This article summarizes the videos and provides you with direct access to them.

Video 1: What is Cyber Security?

As industrial networks have become more complex, more connected to business systems and make more use of Commercial-Off-The-Shelf (COTS) technologies, cyber security has become more important for their...

Post a comment
Read more
4,818 reads

SCADA Security: New Vulnerability Disclosure Framework a Step Forward
ernest.hayden
Thursday, July 26, 2012

 

This is an excerpt from the Think Forward blog at verizonbusiness.com

 

In a move that may be helpful for critical infrastructure asset owners, on July 23  the Industrial Control Systems Joint Working Group (ICSJWG) published a new document on a framework for disclosing Industrial Control System (ICS) vulnerabilities.

Common Industrial Control System Vulnerability Framework

Industrial Control Systems Joint Working Group (ICSJWG), which was established by the U.S. Department of...

Post a comment
1
Read more
3,078 reads

SCADA Security: A Call-out to Control Engineers about Air Gaps
Eric Byres
Tuesday, July 17, 2012

Last week I discussed how security experts and ICS / SCADA vendors are giving up on the dream of the air gap as a viable security solution for the modern control system. Unfortunately, it is still all too easy to believe your control system is isolated.

 

Recently I had a very enlightening conversation with a control engineer who thought his system was air gapped.
 

Engineer: Interesting talk you just gave on Stuxnet, but our turbomachinery equipment is completely isolated, so we don’t need to worry.


Eric: You mean you have no electronic transfers from the turbomachinery control network to the rest of the...

Post a comment
7
Read more
3,570 reads

SCADA Security: Is the Air Gap Debate Over?
Eric Byres
Thursday, July 12, 2012

Last week I updated my air gap blog from 2011. I noted some companies (like Siemens) no longer mention air gaps. Then to keep things balanced, I added new examples of consultants that support the air gap theory. In particular, I selected this quote from Paul Ferguson at Trend Micro:

 

“I’ve written about SCADA issues in the past, but one issue that I’ve consistently tried to emphasize is that critical control systems should never, ever interact nor interconnect with Internet systems in any way, shape, or form. There’s a good reason for this, and it’s always been referred to as...

Post a comment
6
Read more
4,295 reads

#1 ICS and SCADA Security Myth: Protection by Air Gap
Eric Byres
Thursday, July 5, 2012

Editor's Note:  This is an updated version of this article, which was first published on June 30, 2011

 

 

Recently I gave a talk focused on air gaps as a security strategy in control systems. The talk was at the AusCERT 2012 conference and to my amazement, it generated a large amount of discussion in the media both inside and outside Australia. Here are a few examples:

Post a comment
12
Read more
17,254 reads

 

 

 

 

Eric Byres

 

 

The opinions expressed here are the personal opinions of the Contributors. Content published here does not necessarily represent the views and opinions of Tofino Security

 

© Tofino Security 2013

All Rights Reserved.