control system

Blaming Vendors Doesn’t Fix Today’s SCADA Security Issues

Last week in his blog article, Fix the Problem, Stop Bailing out Vendors, Dale Peterson made an impassioned statement that the SCADA security community:

“needs to put all our efforts and emphasis in the PLC, RTU, controller space on getting vendors to add basic security features to their models available for sale today… We should not say or pretend that any other solution besides this is acceptable. Fix the problem!”

Stuxnet - I was wrong

Back in July when Stuxnet first became public, I wrote in our Siemens PCS7 WinCC Malware White Paper and told anyone that would listen that Stuxnet was targeted at stealing intellectual property from process systems. The code we analyzed showed Stuxnet performing SQL database accesses and process information uploading to servers in Denmark and Malaysia, so this seemed like a sure answer.

Using Modbus PLC's? Here's How To Protect Them

Last week I wrote about a malicious attack on an industrial control system (ICS) initiated by outsiders. This week I'll discuss a PLC accident caused by an insider, and suggest some possible solutions for both of these incidents.

Sample ICS Security Incident: Hackers Shut Down Crude Oil Loading Terminal For 8 Hours

We had a request recently from a reader to provide an example of a malicious attack by outsiders on a control system, how it was done, and what impact it had on the plant and the owner. This is surprisingly tough to do, because according to RISI the vast majority of security incidents are internal and/or accidental in nature. Additionally, people whose control systems have been hacked do not like to talk about it - why give attackers more info and ideas than they already have?

Subscribe to RSS - control system