October 2010

The Stuxnet Mystery Continues

Submitted by Eric Byres on Fri, 2010-10-01 12:26

I have just come back from three very interesting presentations by Symantec, Microsoft and Kaspersky Labs at the Virus Bulletin 2010 conference. For two hours they discussed their latest findings on Stuxnet, the PLC/SCADA-targeting worm of the decade.

Not your Father's Control System

Submitted by Scott Howard on Tue, 2010-10-05 11:02

It is no secret that control systems have changed dramatically over the last 25 years. While those changes have brought great rewards, they have also introduced fierce threats, like Stuxnet.

Sometimes, however, it’s helpful to step back and look at those changes from a distance. What types of things have changed? What were the drivers that caused the change to happen? Maybe (if we’re lucky) we can use the knowledge gained from this reflection to predict how control systems are likely to evolve in the next decade or so.

No Silver Bullet for Stuxnet / Siemens WinCC Malware - White Paper

Submitted by Eric Byres on Thu, 2010-10-14 17:18

Last week, Rick Kaun in his blog “[In]security Culture”, blasted the “security vendors” who were claiming that if the ICS/SCADA world used their offering, we would have avoided the whole Stuxnet mess. As Rick very correctly points out, this is complete rubbish - there is no silver bullet for security in general, but in the Stuxnet case it is dangerously inaccurate.

Stuxnet Mitigation Matrix

Submitted by Eric Byres on Thu, 2010-10-21 10:49

Our goal with this blog is to provide you with practical information to help you avoid network incidents that disrupt operations.

With this in mind, today we are releasing a Stuxnet Mitigation Matrix that presents easy-to-follow actions to take against Stuxnet.

PDF Stuxnet Mitigation Matrix by Tofino Security is a printable version of the mitigation matrix that includes dynamic links to detailed information on each of the patches and mitigations.

Invensys OpsManage '10, Stuxnet and USB Keys

Submitted by Eric Byres on Fri, 2010-10-22 15:36

Just flying back from OpsManage '10, the Invensys Users Group meetings that have been going on all week in Florida. I missed a few days, so I can’t comment on some of the early presentations, but three things did catch my eye.

Stuxnet Mitigation Matrix Updated

Submitted by Eric Byres on Mon, 2010-10-25 11:27
Stuxnet Mitigation Matrix Updated
 
This is a short note to let you know that we have updated our Stuxnet Mitigation Matrix to version 1.1, based on feedback from our readers.
 
The new version addresses the need to test and/or confirm all mitigations, including firewalling the Remote Procedure Call (RPC) protocol.

ICSJWG – recharging industrial cyber security

Submitted by Eric Byres on Thu, 2010-10-28 15:42

The Industrial Control Systems Joint Working Group (ICSWJG) Fall 2010 Conference just wrapped up today. For the first time, I was glad I attended. It was three days well spent.

If you haven’t heard of ICSJWG, you are not alone. It is a US-Department of Homeland Security initiative to give vendors, researchers and end-users a chance to network and explore the issues that make securing SCADA and industrial control systems difficult.