July 2012

#1 ICS and SCADA Security Myth: Protection by Air Gap

Submitted by Eric Byres on Thu, 2012-07-05 11:17

Editor's Note:  This is an updated version of this article, which was first published on June 30, 2011

 

Recently I gave a talk focused on air gaps as a security strategy in control systems. The talk was at the AusCERT 2012 conference and to my amazement, it generated a large amount of discussion in the media both inside and outside Australia. Here are a few examples:

SCADA Security: Is the Air Gap Debate Over?

Submitted by Eric Byres on Thu, 2012-07-12 21:00

Last week I updated my air gap blog from 2011. I noted some companies (like Siemens) no longer mention air gaps. Then to keep things balanced, I added new examples of consultants that support the air gap theory. In particular, I selected this quote from Paul Ferguson at Trend Micro:

SCADA Security: A Call-out to Control Engineers about Air Gaps

Submitted by Eric Byres on Tue, 2012-07-17 10:18

Last week I discussed how security experts and ICS / SCADA vendors are giving up on the dream of the air gap as a viable security solution for the modern control system. Unfortunately, it is still all too easy to believe your control system is isolated.

Recently I had a very enlightening conversation with a control engineer who thought his system was air gapped.

SCADA Security: New Vulnerability Disclosure Framework a Step Forward

Submitted by ernest.hayden on Thu, 2012-07-26 12:54

This is an excerpt from the Think Forward blog at verizonbusiness.com

In a move that may be helpful for critical infrastructure asset owners, on July 23  the Industrial Control Systems Joint Working Group (ICSJWG) published a new document on a framework for disclosing Industrial Control System (ICS) vulnerabilities.