Practical SCADA Security

Control System Security Threats, Security / Reliability Incidents, Useful Industrial Cyber Security Tips

submitted by: Eric Byres
on: Wed, 2014-06-25 12:14

If you are a regular follower of this blog, you’ve probably noticed that I haven’t been writing much in the past few months. I have simply been too busy, traveling and speaking at some really great security conferences.

submitted by: Heather MacKenzie
on: Wed, 2014-05-14 21:10

Author Mike Miclot

Nobody likes the job of replacing a good team member when they retire. Yet, that is the job the manufacturing industry is faced with as a trusted component of the industrial application ecosystem steps down from active duty. That component is the Windows XP operating system (OS), a workhorse of a product that is pervasive in factories, energy facilities and many critical infrastructure systems around the world.

submitted by: Heather MacKenzie
on: Wed, 2014-05-14 11:14

Author Mike Miclot

On the eve of April 8, Microsoft retired support for the Windows XP operating system (OS) – leaving millions of Windows XP users susceptible to accidental and deliberate security issues. Though the retirement had been long planned and with fair warning, industrial network users are just beginning to comprehend the ramifications.

submitted by: Heather MacKenzie
on: Thu, 2014-03-20 21:00

You have likely never worried about the possibility of a high school geek doing some programming that affects your home water quality. Well, neither had I until I learnt that some municipal networks have no security between the network their schools use and the one that runs their water/wastewater facility.

submitted by: Heather MacKenzie
on: Wed, 2014-02-26 21:00

One of the major differences between industrial networks and enterprise networks is that industrial networks are typically managed by engineers or technicians. Now engineers are experts at making good product, designing control loops and so on, but they are not IT security wizards. That's the reality, and it means that security products that "just work" reliably and safely with automation systems are going to be more effective in actually delivering security than products that don't.