Tofino Security Profiles

“Lacking extravagant IT budgets, automation systems also require cyber security systems that just work, with a minimum of human intervention.”

Who is responsible for fixing the thousands (some say 100,000) of vulnerabilities that exist in PLCs, DCS, RTUs and other automation devices that are in use in facilities around the world?

On the one hand, we have the position of Dale Peterson at Digital Bond. Dale ardently argues for (and takes) aggressive measures to pressure ICS vendors into making their products more secure. Through their 2012 Project Basecamp and subsequent disclosures, Digital Bond publically released vulnerability details for a large number of controllers.

Last week I wrote about a serious issue in the patching of SCADA and ICS systems. Just when you think you are installing all needed patches, some critical ones are getting missed.