Submitted by Eric Byres on Wed, 2012-05-16 21:00
Recently I wrote about one of the fundamentals of industrial cyber security, which is the concept of Defense in Depth.
Today I am going to write about another foundation concept, which goes hand-in-hand with Defense in Depth, and that is using ANSI/ISA-99 Standards to improve control system security.
Factors that have degraded Control Network Security
There are two opposing trends impacting control network design today:
Submitted by Eric Byres on Fri, 2011-02-11 15:21
Last week I had the chance to attend a very interesting seminar at the Stanford Research Institute called the DHS/SRI Infosec Technology Transition Council Meeting (ITTC). It wasn’t focused on SCADA or ICS or even Stuxnet, yet some of the talks had a lot of applicability to the control systems world.
Submitted by Eric Byres on Wed, 2010-12-15 14:28
Last week Jason Holcomb at Digital Bond wrote a great article called “Everybody Knows Your Passwords” on the issues of default passwords. In it he talked about how some control system vendors continue to bury hidden “default” passwords in their system. As Stuxnet illustrated, these passwords can be later accessed by malware or hackers, making them the perfect backdoor into a company’s operations.
