Joel Langill

In Part 1 of this series, I explained what a stateless firewall is and the hazards of stateless security.  In this article I will show you just how dangerously insecure these devices are.

Following on from Eric Byres’ discussion of Deep Packet Inspection (DPI), this article discusses a second and equally important aspect of effective firewall security referred to as “stateful inspection”.

It has been almost 25 years since I first started working in the industrial network field and 15 years since I first focused on SCADA and ICS security.  From the start, I have been amazed at how difficult it is to get people to see the whole picture.

For example, control engineers know what a PLC or control loop is, but constantly underestimate the impacts that cyber threats have on their industrial processes.  IT professionals understand the risks, but often don’t understand the processes and components.

This article continues our review of Siemens’ announcements and posture regarding cyber security as reflected at their Automation Summit last week.  Part 1 of this post was published yesterday.

New Siemens Products for Enhanced Cyber Security

Christoph Lehmann, from Siemens Germany, focused on many of the new products and services that Siemens is currently developing (or has recently released) to improve control system security.  A few noteworthy ones are mentioned here.

The Siemens Automation Summit was held last week and both Joel Langill and I attended it, presented at it, and engaged in social media commentary regarding it.  This article will summarize our opinion of Siemens’ announcements and posture regarding cyber security as we reflected on the conference.  We assign grades to various aspects of Siemens’ cyber security measures or policies, and we will sum it up with a final grade at the end of Part 2.

Nowadays Stuxnet has become a household term the second anyone talks about cyber security for industrial control systems (ICS). This sophisticated piece of malware first identified in 2010, showed just how powerful an ICS compromise could be in terms of both the impact to manufacturing operations and the possibility of mechanical damage. Was this an isolated attack, unlikely to occur again, or the beginning of a new era in ICS security issues?

As mentioned in a blog article we wrote earlier this week, an Italian “Security Researcher” named Luigi Auriemma published thirty-four SCADA product vulnerabilities against four SCADA products (the complete list of vulnerabilities and companies is provided in the earlier article).

One of the unfortunate facts about security is that if you can find one vulnerability, you can usually find lots more. Vulnerabilities are not just bad luck – they are caused by a poor Software Security Assurance (SSA) process (or a complete lack of one). Next in line for blame are experienced professionals who do little in terms of security assessments prior to commissioning systems in actual production facilities.

Over the past four months, Joel Langill, Andrew Ginter and I have been working on a really cool research project. We have been investigating how Stuxnet would infect an industrial site protected by a “high security architecture.”