January 2011

Stuxnet Lesson: Is SCADA/Control Field Device Firmware the Next Malware Target?

In the post-Stuxnet cyber security world, many vendors are actively thinking about protective measures that could prevent a similar attack on industrial systems.

Such measures could be implemented at the PC-level, the PLC-level, or even the Profibus or device-level. They could include methods such as antivirus-scanners, firewalls, patch management, password policies, USB usage policies, code integrity checkers, etc. However, all of these measures are ones that are implemented at the highest levels of an industrial system.

Fixed Configuration Firewalls, Safety Systems and Reduced Human Error

Earlier this week Patrick Coyle wrote an excellent blog on Safety Integrated Systems (SIS) and why they are so important to safe industrial operations. If you are new to the SCADA and ICS world, or if you have mostly worked on non-safety related processes, I highly recommend you read his blog.

Stuxnet Guidance: The Good, the Bad and the Ugly

Over the past month, there has been no shortage of reports on how Stuxnet is attacking the Iranian Nuclear Program. Unfortunately, good advice on what exactly Industrial Control System (ICS) owner/operators can do to protect themselves against Stuxnet (and its future offspring) is in short supply. In fact much of what passes as technical guidance is either too IT-focused or simply wrong.

Industrial Network Security – is the Process Control World getting Serious about it?

Recently a partner of ours, Invensys Operations Management, won the prestigious Breakthrough Product of the Year Award for 2010 from Processing Magazine. They won it for a product that we helped engineer, the Triconex Tofino OPC Firewall.

We think this is a big deal for two reasons. Obviously one reason is that a product we help create won a major award – pretty cool.

New Technologies Inside the Triconex Tofino Firewall

In my last blog, I mentioned that one of the good things about Invensys winning the Breakthrough Product of the Year Award for 2010 for the Triconex Tofino OPC Firewall was that it may indicate that industrial network security for control and SCADA systems is becoming mainstream in the engineering world.