Blog Posts Tagged with "SCADA"
September 12, 2013 Added by:Eric Byres
I am not a SCADA Apologist. If anything, I consider people like myself and Joel Langill to be SCADA Realists. Clearly Joel and I believe security is important. If we didn’t, we wouldn’t be in this business. And our clients don’t pay us to hear: “Do nothing; it’s the other guy’s fault.”
July 24, 2013 Added by:Anthony M. Freed
In this panel discussion industry experts investigate the possible sources and application of the knowledge needed to secure critical infrastructure
June 10, 2013 Added by:Chris Blask
The Situational Awareness Reference Architecture (SARA) is what the ICS ISAC was created to foster, and to itself be a part of. Until this year, when evolutions in many areas have come together to provide the necessary foundations there has not been any value in trying to drive to a final specific definition of SARA. Today however, evidence that the stage is set for the final act is everywhere.
May 16, 2013 Added by:Francis Cianfrocca
Despite years of engineering, programming, reverse engineering, product development and a generous amount of FUD-driven marketing, the information security industry (loosely defined as representing the forces of good) lags far behind the innovation and sophistication of modern malware perpetrated by the forces of evil.
May 16, 2013 Added by:Anthony M. Freed
The Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, recently issued an advisory warning of an elevated risk of cyber-based attacks against companies that are tasked with administering systems that control elements of our nation’s critical infrastructure.
May 05, 2013 Added by:Eric Byres
In the past, the main reason for securing a SCADA/ICS network was to protect against inadvertent network incidents or attacks from insiders. The risk of an external malicious cyber-attack was considered minimal.
April 12, 2013 Added by:Eric Byres
This week, Eric looks at the pros and cons of using compensating controls as an alternative to patching, and discuss the requirements for success.
Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure
April 09, 2013 Added by:Ben Rothke
In Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure, authors Eric Knapp and Raj Samani provide and excellent overview on what the smart grid is and how it can be secured.
April 05, 2013 Added by:Eric Byres
Applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. What I am against is patching as a knee-jerk reaction to security vulnerabilities. You can’t expect your control system to operate reliably if you don’t have a controlled process for patching.
April 03, 2013 Added by:Steve Ragan
ICS-CERT has issued a warning this week after vulnerability details concerning Mitsubishi’s MX Component started to gain attention online.
April 01, 2013 Added by:Joe Weiss
Industrial control systems (ICSs) were designed for reliability and safety and to enable system operability and functionality. Many ICSs were originally designed before networking was commonplace. Consequently, cyber security was not a design consideration.
March 26, 2013 Added by:Eric Byres
Let's examine the good, the bad and the ugly details of patching as a means to secure SCADA and ICS systems. And to begin, let’s suppose patches could be installed without shutting down the process...
March 15, 2013 Added by:Eric Byres
After Stuxnet, security researchers and hackers on the prowl for new targets to exploit shifted their efforts to critical industrial infrastructure. Unfortunately, the SCADA and Industrial Control Systems applications they are now focusing on are sitting ducks.
March 04, 2013 Added by:Joe Weiss
SANS has published their SANS SCADA and Process Control Security Survey. The results paint a very confusing picture and actually demonstrate the existing approaches to awareness and security are not working.
February 26, 2013 Added by:Mike Lennon
According to Symantec, Stuxnet Version 0.5, an earlier and less sophisticated version of Stuxnet, was designed to close crucial valves that feed uranium hexafluoride gas into the centrifuges, causing serious damage to the centrifuges and the uranium enrichment system as a whole.
February 20, 2013 Added by:Eric Byres
Like icebergs, mobile technology has become an unstoppable force of nature. They have invaded the corporate office – is the plant floor the next frontier? What is your company doing about mobile devices on the plant floor? Does it have a strategy?
Hacker to Release Symantec's PCAnywhere Sour... Jerry Shaw on 10-05-2015
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015