November 2010

Controlling Stuxnet – No More Flat Networks PLEASE. Let's Embrace "Security Zones".

In last week’s post, I mentioned that Eric Cornelius gave a very interesting talk at last week’s ICSJWG meetings. Cornelius works for INL (Idaho National Labs), which is doing Stuxnet research for the US Government.

I want to highlight some of Cornelius’ comments, as well as other themes that came up that are important for the average SCADA / ICS system engineer or manager.

Using Tofino Security to Control Stuxnet - New Application Note

One of the three pathways Stuxnet uses to infect other computers is via the Local Area Network communications inside the control system (the other two are via infected USB drives and via infected Siemens project files).

This blog post addresses how to restrict network-driven infections using the Tofino Industrial Security Solution as the example product for mitigation. Tofino is our own product, so you know where my bias is. However, no matter what technology is deployed, the concepts I will talk about are the same.

Dual Homed Machines are the Juiciest Targets

It is easy for me to forget that just because I have taught a concept at one or two conferences, not everyone in the world has heard it. This was driven home with amazing clarity at the Hirschmann Critical Network Design Conference back in September when a participant asked me:

“We use computers with two network cards as security between the control system and the business system. Is that a good idea?”

Why VLAN Security isn't SCADA Security at all

Over the years I have been asked by a number of control engineers, “Our IT dept says we have VLANs, so why do I need a firewall?”

Back in the mid-90s, I was a big supporter of Virtual Local Area Networks (VLANs) for security. Unfortunately, I have seen so many issues with this technology that I no longer believe it provides effective security.

Bad News for SCADA - Stuxnet gets Scarier

Over the past two weeks, there has been considerable progress in determining exactly what industrial process Stuxnet’s creators were trying to destroy. This news is not good for the industrial control system and SCADA communities.

First the Symantec team announced that one of Stuxnet’s payloads was designed to change the output frequencies of specific Variable Frequency Drives (VFDs) and thus the speed of the motors connected to them, essentially sabotaging the industrial process.

Iran Confirms Stuxnet Impacts their Centrifuges / Was Iran’s Stuxnet Expert Assassinated??

The Stuxnet story is getting stranger by the minute. First Iran’s President, Mahmoud Ahmadinejad, gave a press conference earlier today where he admitted that Stuxnet had hit Iran’s uranium enrichment centrifuges.