cyber security

With the last post from Eric and Joann Byres below, this blog is now closed.  However, Belden continues to publish ICS security articles at the Industrial Security blog on Belden.com. 

This blog is the last one from me as a member of the company that manufactures and sells Tofino Security products. Joann Byres (Tofino co-founder and Belden Vice President) and I are retiring from the Tofino Security group at Belden effective January 30, 2015.

The age of malware specifically targeting industrial control systems (ICS) began in 2010 when Stuxnet was revealed to be disrupting operations at one of Iran’s nuclear enrichment facilities. Since that shock, we have seen advanced malware, such as Flame and Duqu, target energy companies for espionage purposes.

When I started Tofino Security in 2006, my two goals were to make industrial cyber security easy to deploy and better suited for the real needs of mission critical networks. Our first generation products went a long way in doing that, but like any initial offerings they reflected a limited feedback loop from users in the field.

Today I am proud to say that we have integrated lessons learned over the last eight years to deliver Tofino 2.0, our next generation of industrial cyber security solutions.

Tofino 2.0 is a suite of products and services that includes:

Note from Eric Byres:  As cyber threats directed at industry become more common, it is important for top executives to become involved with their organization’s cyber security policies.  The following article by Ernie Hayden comments on the situation from an IT perspective.  My point of view is that today’s threats to operational systems merit the same degree of management attention.  Enjoy Ernie’s article and make use of the data in Verizon’s excellent report.

In my blog article on the Factory of the Future I mentioned the concept of Defense in Depth. This is such a critical foundation in the field of security that I am going to dedicate a number of columns over the next few weeks to this topic.

The furor over the Siemens vulnerabilities and the fear that Son-of-Stuxnet could be around the corner has raised awareness of the need for cyber security to be taken seriously by the process and critical infrastructure industries.

Back in July when Stuxnet first became public, I wrote in our Siemens PCS7 WinCC Malware White Paper and told anyone that would listen that Stuxnet was targeted at stealing intellectual property from process systems. The code we analyzed showed Stuxnet performing SQL database accesses and process information uploading to servers in Denmark and Malaysia, so this seemed like a sure answer.

Last week I wrote about a malicious attack on an industrial control system (ICS) initiated by outsiders. This week I'll discuss a PLC accident caused by an insider, and suggest some possible solutions for both of these incidents.

We had a request recently from a reader to provide an example of a malicious attack by outsiders on a control system, how it was done, and what impact it had on the plant and the owner. This is surprisingly tough to do, because according to RISI the vast majority of security incidents are internal and/or accidental in nature. Additionally, people whose control systems have been hacked do not like to talk about it - why give attackers more info and ideas than they already have?