Submitted by Eric Byres on Mon, 2013-01-28 21:00
January is the Cruelest Month
Submitted by Laura Mattson on Wed, 2012-12-12 12:28
Early in 2012 Eric Byres wrote a blog article predicting what he thought would happen in 2012 with regard to SCADA and ICS security. I went back to his blog and highlighted the four main predictions he made. Then I asked him to rate himself on each one.
Submitted by S. Claus on Tue, 2012-11-27 10:15
Submitted by Frank Williams on Wed, 2012-01-11 15:43
Today is the day that Tofino Security is announcing that I have joined their team. I am very excited about this, particularly because I believe that industrial cyber security is the next major impactful technology to hit the automation industries.
I am also excited to be joining Eric and Joann Byres and their group, people I have high regard for, as I believe Tofino Security technology is poised to lead the way in protecting the critical infrastructure industries.
Submitted by Eric Byres on Wed, 2012-01-04 14:48
After suggesting a sous-vide oven as a gift idea for control engineers, I was looking forward to designing my own homemade system from PLC parts over the holidays. However, my project never got off the ground as my wife Joann gave me the real thing. (Perhaps she couldn’t stand the thought of having my home-built electronics in the kitchen…)
Submitted by Eric Byres on Tue, 2011-11-01 16:37
Last week I received a humorous note from Dr. Paul Dorey directing me to two side-by-side lead articles in the latest Automation.com eNewsletter, Programmable Automation Controllers (PAC) Update.
Submitted by Eric Byres on Tue, 2011-05-10 21:00
Recently I was asked “How could a hacker possibly attack an industrial controller like a PLC or SIS, since there is no operating system in these devices?”
Now some manufacturers would like people to believe there is no operating system in a controller, but unfortunately this is not true. Every RTU, PLC, SIS or DCS controller on the market today has a commercial operating system in it. For example, here are just a few I have worked directly with in the past:
Submitted by Eric Byres on Mon, 2011-03-21 10:23
There has been a lot of media coverage and discussion of the Stuxnet malware, and its impact on industrial control system (ICS) and SCADA security. We are one of the groups guilty of creating a Stuxnet publishing industry.
Submitted by rahulsebos on Tue, 2011-01-04 13:55
In the post-Stuxnet cyber security world, many vendors are actively thinking about protective measures that could prevent a similar attack on industrial systems.
Such measures could be implemented at the PC-level, the PLC-level, or even the Profibus or device-level. They could include methods such as antivirus-scanners, firewalls, patch management, password policies, USB usage policies, code integrity checkers, etc. However, all of these measures are ones that are implemented at the highest levels of an industrial system.
Submitted by Eric Byres on Fri, 2010-11-26 13:50
Over the past two weeks, there has been considerable progress in determining exactly what industrial process Stuxnet’s creators were trying to destroy. This news is not good for the industrial control system and SCADA communities.
First the Symantec team announced that one of Stuxnet’s payloads was designed to change the output frequencies of specific Variable Frequency Drives (VFDs) and thus the speed of the motors connected to them, essentially sabotaging the industrial process.
Submitted by Eric Byres on Thu, 2010-09-23 10:07
Week after week, the Stuxnet worm continues to amuse and astound all of us that have studied it. Last week it was Ralph Langner’s detailed analysis that showed Stuxnet wasn’t just infecting Windows boxes and stealing data, it was specifically designed to modify PLC logic so it could destroy a physical process. Next it is the amazing number of Windows zero-day vulnerabilities* it exploits to do its dirty work.
Submitted by Eric Byres on Fri, 2010-09-17 09:16
Back in July when Stuxnet first became public, I wrote in our Siemens PCS7 WinCC Malware White Paper and told anyone that would listen that Stuxnet was targeted at stealing intellectual property from process systems. The code we analyzed showed Stuxnet performing SQL database accesses and process information uploading to servers in Denmark and Malaysia, so this seemed like a sure answer.
Submitted by Scott Howard on Thu, 2010-08-26 11:02
Last week I wrote about a malicious attack on an industrial control system (ICS) initiated by outsiders. This week I'll discuss a PLC accident caused by an insider, and suggest some possible solutions for both of these incidents.
Submitted by Scott Howard on Tue, 2010-08-17 17:50
We had a request recently from a reader to provide an example of a malicious attack by outsiders on a control system, how it was done, and what impact it had on the plant and the owner. This is surprisingly tough to do, because according to RISI the vast majority of security incidents are internal and/or accidental in nature. Additionally, people whose control systems have been hacked do not like to talk about it - why give attackers more info and ideas than they already have?