Articles & Presentations

Articles & Presentations

Tofino OPC Classic Enforcer Introduction

Presentation from:  Byres Security, November 2010

OPC Classic is a software interface technology used to facilitate the transfer of data between different industrial control systems. Unfortunately, securely deploying OPC Classic has proven to be a challenge until recentl

Cyber Wars

Article in: Hydrocarbon Engineering, October 2010

Every month security researchers discover hundreds of new worms and viruses attacking the world's computer systems. Usually, few in supervisory control and data acquisition (SCADA) and process control take notice

US program to provide surveillance on critical infrastructure

As cyber attacks and espionage against critical infrastructure increase the US government is launching a program to protect critical infrastructure.  This program will target older computer control systems and its goal is to close serious security vulnerabilities in control and automation systems.

U.S. Plans Cyber Shield for Utilities, Companies

The Wall Street Journal
July 8th, 2010

Could Cyber Terrorists Attack Our Company?

Article in:  ControlGlobal, June 2010

The majority of control system cyber threats are unintentional, as discussed in this article that summarizes data from the Repository of Industrial Security Incidents (RISI).  Tips on how to start reducing the risk of cyber threats are provided.

Could Cyber Terrorists Attack Our Company?

Industrial Cyber Security Incidents Revealed

AutomationWorld highlights the rise in cyber incidents affecting control systems.  This new report lays out trends seen in 2009 and makes comparisons to historical data.

Safety and Security: Two Sides of the Same Coin

Article in:  ControlGlobal, April 2010

The relationship between safety and security is such that a weakness in security creates increased risk, which in turn creates a decrease in safety. As a result, safety and security are directly proportional, but both are inversely proportional to risk.

House passes cybersecurity bill

The House on February 4th, 2010, passed a bill aimed at building up the United States' cybersecurity army and expertise, amid growing alarm over the country’s vulnerability online.

Containing Wireless Threats

Proliferating use of wireless technologies sets up conflicts between the federal CIP standards and FCC regulations, say the authors of a newly available White Paper. To mitigate wireless cyber security risks, they recommend a defense-in-depth approach.

Eric Byres' article 'Protecting your Plant' recognized with major award

Article in: Chemical Processing, September 2009


Protecting your Plant, written by Byres Security CTO Eric Byres, has been recognized with a Midwest Silver award from the American Society of Business Publications Editors (ASBPE)....

Cyber security for pipeline control systems

Article in: Pipeline & Gas Journal, February 2009

Eric Byres, CTO of Tofino Security, has published an article about cyber security and pipeline control systems in Pipeline and Gas Journal.....


Video: The Tofino Industrial Security Solution

Video From: Byres Security, October 2008


Eric Byres, CTO of Byres Security, presents the seven steps to industrial-strength security with Tofino™.

Video: Securing industry from cyber threats

Video From: Byres Security, October 2008


In this video  Eric Byres, CTO of Byres Security, describes how the Tofino™ Industrial Security Solution protects critical infrastructure from threats that penetrate or bypass IT firewalls.....

Estimating a System's Mean Time-to-Compromise

Article in: IEEE Security & Privacy, January/February 2008

The ability to efficiently compare differing security solutions for effectiveness is often considered lacking from a management perspective. To address this we propose a framework for estimating the mean time-to-compromise (MTTC) of a target system for use as a comparative security metric. This MTTC is calculated through a three step process.

First a topological map of the target system is divided into attack zones, allowing each zone to be described with its own state-space model (SSM).

Wolves at the Security House Door(s) , Part 2

Article in: CONTROL Magazine, January 2008

The average corporate desktop is far more secure than the average PLC, yet the PLC is the asset that is far more valuable to company.

Forget the Silos, Build the Bridge

Article in: InTech Magazine, December 2007

Over the past 10 years, the industrial controls (IC) world has borrowed substantially from the world of information technologies (IT)...

Eric Byres, Jim Bauhs, and Brian Mason; "Forget the Silos, Build the Bridge", InTech Magazine, December 2007

Wolves at the Door(s) of the House of Straw

Article in: CONTROL Magazine, December 2007

We will probably never know how the Slammer worm made it into this facility, but the fact is that once the worm was on the inside, it found a very soft target and really could begin to do its worst...

Eric Byres; "Wolves at the Door(s) of the House of Straw", CONTROL Magazine, December 2007

Making Cyber Security Work in the Refinery

Article in: InTech Magazine, October 2007

Anyone reading InTech over the last five years will have seen many articles on the need to secure control systems from cyber attack. Nearly all include descriptions of actual security incidents that will concern even the most hardened control specialist...

Eric Byres; "Making Cyber Security Work in the Refinery", InTech Magazine, October 2007

The Line - Defense in Depth Sound Security Strategy

Article in: InTech, March 2007

Today sound security strategy, regardless of whether it is military, physical, or cyber security, leverages the concept of “Defense in Depth.” Effective security comes by layering multiple security solutions, so if the one fails, another takes up the torch of defense.

In this article, Eric Byres goes into detail about the Defense-in-Depth strategy and explains how companies cannot keep relying on traditional firewalls with a single point of failure.

Uncovering Cyber Flaws

Article in: InTech Magazine, January 2006


To ensure the safety and security of the process, company, and staff, find the vulnerabilities and break a negative chain of events...

Why we need Security Audits

Article in: InTech Magazine, March 2005
Corporations and PCN vendors are incapable of taking action to improve the security posture of the current or future process environments without specific solution requirements. Just saying "we need firewalls and encrypted SCADA protocols" is not enough.


Subscribe to RSS - Articles & Presentations