Practical SCADA Security

Control System Security Threats, Security / Reliability Incidents, Useful Industrial Cyber Security Tips

Cyber Attacks on U.S. Critical Infrastructure will Intensify
Heather MacKenzie
Tuesday, June 26, 2012

Did Iran really detect a planned "massive cyber attack" against its nuclear facilities, as reported by Reuters last week? And, have they really “taken [the] necessary measures” to contain it? Or has their posturing been affected by the revelations in “Confront and Conceal: Obama’s Secret Wars and the Surprising Use of American Power” (Confront and Conceal), the new book...

Post a comment
14
Read more
6,133 reads

Securing SCADA systems from APTs like Flame and Stuxnet – Part 2
Eric Byres
Tuesday, June 19, 2012

Professor Paul Dorey recently presented a paper about the seven important lessons the IT world has learned in managing Advanced Persistent Threats (APTs). In this article, I will discuss lessons #2, #3 and #4, and how to apply these lessons to ICS and SCADA security.

 

APTs have been discussed in some depth in previous blogs, so if you aren’t familiar with the concept (or need a review) check out Part #1 of this series. If you want real world examples of APTs, especially ones that have impacted the energy...

Post a comment
8
Read more
4,114 reads

Securing SCADA systems from APTs like Flame and Stuxnet – Part 1
Eric Byres
Tuesday, June 12, 2012

Recently a very complex worm called Flame has been discovered attacking companies in the Middle East, and it is an excellent example of what security experts call an Advanced Persistent Threat (APT). Figuring out how to defend against APTs is a major focus in the IT security world.

 

Now while Flame was busy attacking the Middle East, I was in Abu Dhabi at the International Cyber Security Forum for Energy and Utilities, listening to a talk by Paul Dorey called...

Post a comment
4
Read more
7,943 reads

Stuxnet Warfare – The Gloves are Off
Eric Byres
Tuesday, June 5, 2012

The discovery of the Flame malware last week focused the cyber security world on the sophisticated strikes targeting energy companies in the Middle East. Although Flame’s goal was espionage rather than damaging operations as Stuxnet did, it has been seen as one more indication that the industrial world is now in the bull’s eye of clever attackers.

 

On the heels of Flame coverage, today David Sanger, the Pulitzer Prize winning Washington correspondent for The New York Times,...

Post a comment
4
Read more
5,516 reads

Flame Malware and SCADA Security: What are the Impacts?
Eric Byres
Tuesday, May 29, 2012

Over the weekend a new super worm exploded onto the cyber security landscape. Known as Flame or sKyWIper, it appears to be targeting sites in the Middle East, just like the Stuxnet and Duqu worms did. But what does it have to do with SCADA or ICS security? At this stage the answer appears to be nothing and…everything.

 

Courtesy: David Ayres 

Is...

Post a comment
4
Read more
10,949 reads

 

 

 

 

Eric Byres

 

 

The opinions expressed here are the personal opinions of the Contributors. Content published here does not necessarily represent the views and opinions of Tofino Security

 

© Tofino Security 2013

All Rights Reserved.