Blog Posts Tagged with "SCADA"

682e0e796084e163c5ca053dd8573b0c

SCADA and ICS Cyber Security - Facing the Facts

May 05, 2013 Added by:Eric Byres

In the past, the main reason for securing a SCADA/ICS network was to protect against inadvertent network incidents or attacks from insiders. The risk of an external malicious cyber-attack was considered minimal.

Comments  (0)

682e0e796084e163c5ca053dd8573b0c

Securing SCADA Systems - Why Choose Compensating Controls?

April 12, 2013 Added by:Eric Byres

This week, Eric looks at the pros and cons of using compensating controls as an alternative to patching, and discuss the requirements for success.

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure

April 09, 2013 Added by:Ben Rothke

In Applied Cyber Security and the Smart Grid: Implementing Security Controls into the Modern Power Infrastructure, authors Eric Knapp and Raj Samani provide and excellent overview on what the smart grid is and how it can be secured.

Comments  (1)

682e0e796084e163c5ca053dd8573b0c

Making Patching Work for SCADA and Industrial Control System Security

April 05, 2013 Added by:Eric Byres

Applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. What I am against is patching as a knee-jerk reaction to security vulnerabilities. You can’t expect your control system to operate reliably if you don’t have a controlled process for patching.

Comments  (0)

A58bf865b185e0e3f665473bf8f3ca6d

ICS-CERT Alerts of Mitsubishi MX SCADA Vulnerability

April 03, 2013 Added by:Steve Ragan

ICS-CERT has issued a warning this week after vulnerability details concerning Mitsubishi’s MX Component started to gain attention online.

Comments  (0)

201d6e4b7cd0350a1a9ef6e856e28341

The Threat to Industrial Control Systems from Physical Persistent Design Features (PPDF)

April 01, 2013 Added by:Joe Weiss

Industrial control systems (ICSs) were designed for reliability and safety and to enable system operability and functionality. Many ICSs were originally designed before networking was commonplace. Consequently, cyber security was not a design consideration.

Comments  (0)

682e0e796084e163c5ca053dd8573b0c

SCADA and ICS Security Patching: The Good, the Bad and the Ugly

March 26, 2013 Added by:Eric Byres

Let's examine the good, the bad and the ugly details of patching as a means to secure SCADA and ICS systems. And to begin, let’s suppose patches could be installed without shutting down the process...

Comments  (1)

682e0e796084e163c5ca053dd8573b0c

SCADA and ICS Security: Welcome to the Patching Treadmill

March 15, 2013 Added by:Eric Byres

After Stuxnet, security researchers and hackers on the prowl for new targets to exploit shifted their efforts to critical industrial infrastructure. Unfortunately, the SCADA and Industrial Control Systems applications they are now focusing on are sitting ducks.

Comments  (0)

201d6e4b7cd0350a1a9ef6e856e28341

SANS SCADA and Process Control Security Survey - The State of the Industry is Discouraging

March 04, 2013 Added by:Joe Weiss

SANS has published their SANS SCADA and Process Control Security Survey. The results paint a very confusing picture and actually demonstrate the existing approaches to awareness and security are not working.

Comments  (0)

306708aaf995cf6a77d3083885b60907

Symantec Uncovers Earliest Known Version of Stuxnet (Version 0.5)

February 26, 2013 Added by:Mike Lennon

According to Symantec, Stuxnet Version 0.5, an earlier and less sophisticated version of Stuxnet, was designed to close crucial valves that feed uranium hexafluoride gas into the centrifuges, causing serious damage to the centrifuges and the uranium enrichment system as a whole.

Comments  (0)

682e0e796084e163c5ca053dd8573b0c

iPhones Are Coming to the Plant Floor – Can we Secure Them?

February 20, 2013 Added by:Eric Byres

Like icebergs, mobile technology has become an unstoppable force of nature. They have invaded the corporate office – is the plant floor the next frontier? What is your company doing about mobile devices on the plant floor? Does it have a strategy?

Comments  (0)

682e0e796084e163c5ca053dd8573b0c

Time to Speak Up on New IF-MAP Specs for ICS and SCADA Security

February 12, 2013 Added by:Eric Byres

Something I believe industry urgently needs is better standards for information exchange between security solutions. Unfortunately while TCG has had feedback from the IT community, they have received little from the SCADA or ICS community. I encourage everyone involved with SCADA and ICS security to review the specification.

Comments  (0)

682e0e796084e163c5ca053dd8573b0c

SCADA Security Directions for 2013 - How Will ICS and SCADA Security Change in 2013?

February 01, 2013 Added by:Eric Byres

You see, every January I get asked to make between three and five predictions for the upcoming year. Then every December people remind me that I made those predictions 12 months ago. Then they get to tell me how poorly I did.

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

Perfect Citizen, US vulnerability assessment program on critical infrastructures

January 02, 2013 Added by:Pierluigi Paganini

CNET web site has published a news on a secret National Security Agency program named Perfect Citizen that is targeting on large-scale the control systems inside utilities, including power grid and gas pipeline controllers, with the purpose to discover security vulnerabilities.

Comments  (0)

54a9b7b662bfb0f0445d1661d7ed180b

Hackers at the Controls

December 16, 2012 Added by:Jayson Wylie

An FBI report details what could be the hacking elite sect of Anonymous, Antisec, using a backdoor to compromise an air-conditioning control system in New Jersey. This leaves me to the question of how vulnerable the government and private sectors are for these types of compromise...

Comments  (1)

6462807771e81d9c33eb99307f5f3e77

Modernizing Physical Security and Incorporating Best Practices Into New Assets

November 18, 2012 Added by:Michele Westergaard

Cyber security threats to the utility industry are increasing in number and sophistication. The North American Reliability Corporation (NERC) is increasing the Critical Infrastructure Protection (CIP) regulatory requirements to ensure facilities are meeting basic standards in this area...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »