August 2011

Siemens PLC Security Vulnerabilities – It Just Gets Worse

My optimism regarding Siemens and its approach to SCADA/ICS security has just taken another big hit. There are major security problems at Siemens and they are not close to fixing them.

I am embarrassed I gave them such high marks in my previous blogs.

Getting Started on ICS and SCADA Security (Part 1 of 2)

The furor over the Siemens vulnerabilities and the fear that Son-of-Stuxnet could be around the corner has raised awareness of the need for cyber security to be taken seriously by the process and critical infrastructure industries.

Getting Started on ICS and SCADA Security (Part 2 of 2)

Last week I discussed the first steps to take to get started to improve ICS and SCADA Security in your facility.  Those steps included:

  • Step 1 - Conducting a Security Risk Assessment,
  • Step 2 - Learning Industrial Cyber Security Fundamentals, and
  • Step 3 - Understanding the Unique Requirements of ICS and SCADA Cyber Security.

This week I discuss the remainder of the process.