Industrial Control Systems

682e0e796084e163c5ca053dd8573b0c

DNP3 Vulnerabilities Part 1 of 2: NERC’s Electronic Security Perimeter is Swiss Cheese

November 07, 2013 Added by:Eric Byres

If you have been following SCADA news in the last month, you might have noticed an avalanche of reports and blogs on new security vulnerabilities in power industry equipment. So far, vulnerability disclosures for 9 products using the DNP3 protocol have been released by the ICS-CERT, with another 21 SCADA product disclosures on their way.

Comments  (0)

682e0e796084e163c5ca053dd8573b0c

Enough Clucking – Start Fixing the SCADA Security Problem

September 12, 2013 Added by:Eric Byres

I am not a SCADA Apologist. If anything, I consider people like myself and Joel Langill to be SCADA Realists. Clearly Joel and I believe security is important. If we didn’t, we wouldn’t be in this business. And our clients don’t pay us to hear: “Do nothing; it’s the other guy’s fault.”

Comments  (0)

30b156aaa9e421081ba1235658abc523

The Electric Industry: Understanding Cyber Risk is Key to Resource Allocation

August 07, 2013 Added by:Lila Kee

Organizations, especially those involved in the electric industry, must view security investments as a viable risk-reduction tools that not only protect the nation’s way of life, but also investments they have made in their own businesses. To truly understand the risk that critical infrastructures face, and the level of security attention its different sectors require, you must first understand ...

Comments  (1)

6d117b57d55f63febe392e40a478011f

Securing Critical Infrastructure Through Information Sharing

July 24, 2013 Added by:Anthony M. Freed

In this panel discussion industry experts investigate the possible sources and application of the knowledge needed to secure critical infrastructure

Comments  (0)

6d117b57d55f63febe392e40a478011f

The Evolution of Industrial Control System Information Sharing

May 16, 2013 Added by:Anthony M. Freed

The Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, recently issued an advisory warning of an elevated risk of cyber-based attacks against companies that are tasked with administering systems that control elements of our nation’s critical infrastructure.

Comments  (12)

76e662e7786bf88946bd6c010c03ac65

Resilience ‒ The way to Survive a Cyber Attack

May 07, 2013 Added by:Jarno Limnéll

In reality, a well-prepared cyber attack does not need to last for 15 minutes to succeed. After preparations it takes only seconds to conduct the attack which may hit targets next door as well as those on the other side of the world.

Comments  (0)

Ffc4103a877b409fd8d6da8f854f617e

Pentagon Ups Cyber Espionage Accusations Against China

May 07, 2013 Added by:InfosecIsland News

A new report from the Pentagon marked the most explicit statement yet from the United States that it believes China's cyber spying is focused on the US government, as well as American corporations.

Comments  (0)

76e662e7786bf88946bd6c010c03ac65

Cyber Security Goes Ballistic

April 16, 2013 Added by:Jarno Limnéll

Cyberweapons are now comparable to the ballistic nuclear missile arsenal of the US, which also resides under the jurisdiction of the President. Giving the President cyber-initiative responsibilities speaks volumes regarding the serious attitude to which they are treated.

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure

April 09, 2013 Added by:Ben Rothke

In Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure, authors Eric Knapp and Raj Samani provide and excellent overview on what the smart grid is and how it can be secured.

Comments  (1)

682e0e796084e163c5ca053dd8573b0c

Making Patching Work for SCADA and Industrial Control System Security

April 05, 2013 Added by:Eric Byres

Applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. What I am against is patching as a knee-jerk reaction to security vulnerabilities. You can’t expect your control system to operate reliably if you don’t have a controlled process for patching.

Comments  (0)

201d6e4b7cd0350a1a9ef6e856e28341

The Threat to Industrial Control Systems from Physical Persistent Design Features (PPDF)

April 01, 2013 Added by:Joe Weiss

Industrial control systems (ICSs) were designed for reliability and safety and to enable system operability and functionality. Many ICSs were originally designed before networking was commonplace. Consequently, cyber security was not a design consideration.

Comments  (0)

682e0e796084e163c5ca053dd8573b0c

SCADA and ICS Security Patching: The Good, the Bad and the Ugly

March 26, 2013 Added by:Eric Byres

Let's examine the good, the bad and the ugly details of patching as a means to secure SCADA and ICS systems. And to begin, let’s suppose patches could be installed without shutting down the process...

Comments  (1)

94ae16c30d35ee7345f3235dfb11113c

Congress is Hurting the U.S. Regarding Cybersecurity

March 19, 2013 Added by:Joel Harding

If Congress doesn’t wake up and begin asking serious questions around cybersecurity, their inattention is going to cause us great harm in the coming years.

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Castle Has No Walls - Introducing Defensibility as an Enterprise Security Goal

March 19, 2013 Added by:Rafal Los

It's time to retire the "castle" analogy when it comes to talking about how real Information Security should behave. I still hear it used a lot, and if you walked around the show floor at RSA 2013 you noticed there is still a tremendous amount of focus and vendor push around 'keeping the bad guys out.'

Comments  (1)

682e0e796084e163c5ca053dd8573b0c

SCADA and ICS Security: Welcome to the Patching Treadmill

March 15, 2013 Added by:Eric Byres

After Stuxnet, security researchers and hackers on the prowl for new targets to exploit shifted their efforts to critical industrial infrastructure. Unfortunately, the SCADA and Industrial Control Systems applications they are now focusing on are sitting ducks.

Comments  (0)

682e0e796084e163c5ca053dd8573b0c

Time to Speak Up on New IF-MAP Specs for ICS and SCADA Security

February 12, 2013 Added by:Eric Byres

Something I believe industry urgently needs is better standards for information exchange between security solutions. Unfortunately while TCG has had feedback from the IT community, they have received little from the SCADA or ICS community. I encourage everyone involved with SCADA and ICS security to review the specification.

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »