Control System Security in a Post-Stuxnet World

Control System Security in a Post-Stuxnet World

April 2012 (28:22)

In this presentation for the GlobalSpec virtual conference, Eric discusses how merely isolating your plant's control network is not enough as there are multiple paths into an industrial site. Eric goes on to discuss the measures needed, and technologies available, to prevent network attacks, and highlights why security improves plant floor reliability and safety.


0:50 What is Stuxnet? - How Stuxnet has changed the world for Industrial Control Systems

2:41 How Stuxnet Spread - Could the next worm do the same to a different victim?
4:19 Gap Analysis - Eric discusses Gap Analysis                                                                                                                 
7:06 Stuxnet Phases - The 7 Stages of a stuxnet infection                    
8:31 Penetration Stage - How did Stuxnet get in?                            
10:19 Propagation Methods                                                                  
10:51 Detection Avoidance                                                       
13:34 Stuxnet's Legacy -  Exploiting automation device design issues
14:33 Lessons learned from Stuxnet                                  
16:00 Protecting against the Son of Stuxnet                       
17:35 ANSI / ISA 99 - Using Defense in Depth               
19:14 Using Zones - Defining zones and conduits            
21:35 SCADA / ICS - Eric discusses approiprate technologies
23:53 Make Security Simple                                                
24:55 Closing thoughts                                                 

Watch Eric's Presentation of "Control System Security in a Post-Stuxnet World" on the GlobalSpec Website

Related Links