Practical SCADA Security

Control System Security Threats, Security / Reliability Incidents, Useful Industrial Cyber Security Tips

Heather MacKenzie
Thursday, March 20, 2014

You have likely never worried about the possibility of a high school geek doing some programming that affects your home water quality. Well, neither had I until I learnt that some municipal networks have no security between the network their schools use and the one that runs their water/wastewater facility.


This was the situation in a mid-sized city in the Eastern U.S. In 2012 the Department of Water Resources upgraded their SCADA network to industrial Ethernet. At the time there was little protection or separation of the SCADA network from the city’s IT network. While this provided many benefits it also made the controls network susceptible to malware attacks, accidental network...

4,244 reads
Heather MacKenzie
Wednesday, February 26, 2014

One of the major differences between industrial networks and enterprise networks is that industrial networks are typically managed by engineers or technicians. Now engineers are experts at making good product, designing control loops and so on, but they are not IT security wizards. That's the reality, and it means that security products that "just work" reliably and safely with automation systems are going to be more effective in actually delivering security than products that don't.


That's why Schneider Electric is to be commended for all the measures they are taking to improve cyber security for their customers. This includes conducting a detailed security analysis of all of...

49,347 reads
Eric Byres
Friday, January 31, 2014

Dale Peterson and I have been debating ICS security in our blog posts for over a year now. This January, we took our debate live at the S4x14 conference in Miami, Florida. While Dale refers to me as a SCADA Apologist, I believe I am more of a SCADA Realist.


Take some time to listen carefully to both sides of the argument, and then you can decide who makes the stronger case.



10,208 reads
Eric Byres
Friday, December 20, 2013

As we prepare for some time off to enjoy the holiday season, we would like to take a moment to thank you for being a part of our SCADA security community in 2013.


We very much appreciate your readership and the stimulating dialogue that results from it. The Tofino Security team wishes you and your families all the best for a wonderful holiday and a very happy New Year.



Related Links

•    Top Christmas Movies Guaranteed to Get You in the Holiday...

27,843 reads
Heather MacKenzie
Tuesday, December 17, 2013

Jeff Smith of American Axle & Manufacturing (AAM) is a guru in the world of industrial Ethernet networking and ICS Security. We were fortunate to have him speak again at the 2013 Belden Industrial Ethernet Infrastructure Design Seminar.


In a previous article I outlined the reasons AAM decided to move to Ethernet/IP communications and how they implemented best practices such as standardized segmented network configurations. Today I am going to write about Jeff’s approach...

12,609 reads