July 2011

Siemens Cyber Security Report Card (Part 1 of 2) (plus Presentation)

Submitted by Eric Byres on Wed, 2011-07-06 12:44

The Siemens Automation Summit was held last week and both Joel Langill and I attended it, presented at it, and engaged in social media commentary regarding it. This article will summarize our opinion of Siemens’ announcements and posture regarding cyber security as we reflected on the conference. We assign grades to various aspects of Siemens’ cyber security measures or policies, and we will sum it up with a final grade at the end of Part 2.

Siemens Cyber Security Report Card (Part 2 of 2) (plus Presentation)

Submitted by Eric Byres on Thu, 2011-07-07 14:30

This article continues our review of Siemens’ announcements and posture regarding cyber security as reflected at their Automation Summit last week. Part 1 of this post was published yesterday.

New Siemens Products for Enhanced Cyber Security

Christoph Lehmann, from Siemens Germany, focused on many of the new products and services that Siemens is currently developing (or has recently released) to improve control system security. A few noteworthy ones are mentioned here.

New SCADA Security Reality: Assume a Security Breach

Submitted by Eric Byres on Wed, 2011-07-20 12:56

Earlier this month I came across a great article called “The new paradigm for utility information security: assume your security system has already been breached” by Ernie Hayden of Verizon’s Global Energy & Utility Practice. I highly recommend you read it, for the reasons I explain in this blog post.

Insider Threat to Utilities – More Focus Needed on Critical Components

Submitted by Eric Byres on Tue, 2011-07-26 14:39

Last week the Unites States’ Department of Homeland Security (DHS) released a report on “Insider Threat to Utilities” that has been getting a lot of attention in the mainstream media. While released “For Official Use Only (FOUO)”, the