industrial cyber security

With the last post from Eric and Joann Byres below, this blog is now closed.  However, Belden continues to publish ICS security articles at the Industrial Security blog on Belden.com. 

This blog is the last one from me as a member of the company that manufactures and sells Tofino Security products. Joann Byres (Tofino co-founder and Belden Vice President) and I are retiring from the Tofino Security group at Belden effective January 30, 2015.

The age of malware specifically targeting industrial control systems (ICS) began in 2010 when Stuxnet was revealed to be disrupting operations at one of Iran’s nuclear enrichment facilities. Since that shock, we have seen advanced malware, such as Flame and Duqu, target energy companies for espionage purposes.

When I started Tofino Security in 2006, my two goals were to make industrial cyber security easy to deploy and better suited for the real needs of mission critical networks. Our first generation products went a long way in doing that, but like any initial offerings they reflected a limited feedback loop from users in the field.

Today I am proud to say that we have integrated lessons learned over the last eight years to deliver Tofino 2.0, our next generation of industrial cyber security solutions.

Tofino 2.0 is a suite of products and services that includes:

If you are a regular follower of this blog, you’ve probably noticed that I haven’t been writing much in the past few months. I have simply been too busy, traveling and speaking at some really great security conferences.

Author Mike Miclot

Nobody likes the job of replacing a good team member when they retire. Yet, that is the job the manufacturing industry is faced with as a trusted component of the industrial application ecosystem steps down from active duty. That component is the Windows XP operating system (OS), a workhorse of a product that is pervasive in factories, energy facilities and many critical infrastructure systems around the world.

Author Mike Miclot

On the eve of April 8, Microsoft retired support for the Windows XP operating system (OS) – leaving millions of Windows XP users susceptible to accidental and deliberate security issues. Though the retirement had been long planned and with fair warning, industrial network users are just beginning to comprehend the ramifications.

You have likely never worried about the possibility of a high school geek doing some programming that affects your home water quality. Well, neither had I until I learnt that some municipal networks have no security between the network their schools use and the one that runs their water/wastewater facility.

Our last blog, contributed by Thomas Nuth, highlighted the fact that industrial cyber security is now being discussed by heads of state within the international community - the Executive Order – Improving Critical Infrastructure Cybersecurity signed by President Obama in February of this year being just one indication of the importance being attached to th

Three years ago, the concept of industrial cyber security became a popular discussion topic within the industrial networking community. Now the discussion has risen to the level of heads of state within the international community. The Executive Order – Improving Critical Infrastructure Cybersecurity signed by President Obama in February of this year is just one indication of the importance being attached to this issue.

Today is the day that Tofino Security is announcing that I have joined their team.  I am very excited about this, particularly because I believe that industrial cyber security is the next major impactful technology to hit the automation industries.

I am also excited to be joining Eric and Joann Byres and their group; people I have high regard for, as I believe Tofino Security technology is poised to lead the way in protecting the critical infrastructure industries.

In the post-Stuxnet cyber security world, many vendors are actively thinking about protective measures that could prevent a similar attack on industrial systems.

Such measures could be implemented at the PC-level, the PLC-level, or even the Profibus or device-level. They could include methods such as antivirus-scanners, firewalls, patch management, password policies, USB usage policies, code integrity checkers, etc. However, all of these measures are ones that are implemented at the highest levels of an industrial system.