Blog Posts Tagged with "SCADA"
April 05, 2013 Added by:Eric Byres
Applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. What I am against is patching as a knee-jerk reaction to security vulnerabilities. You can’t expect your control system to operate reliably if you don’t have a controlled process for patching.
April 03, 2013 Added by:Steve Ragan
ICS-CERT has issued a warning this week after vulnerability details concerning Mitsubishi’s MX Component started to gain attention online.
April 01, 2013 Added by:Joe Weiss
Industrial control systems (ICSs) were designed for reliability and safety and to enable system operability and functionality. Many ICSs were originally designed before networking was commonplace. Consequently, cyber security was not a design consideration.
March 26, 2013 Added by:Eric Byres
Let's examine the good, the bad and the ugly details of patching as a means to secure SCADA and ICS systems. And to begin, let’s suppose patches could be installed without shutting down the process...
March 15, 2013 Added by:Eric Byres
After Stuxnet, security researchers and hackers on the prowl for new targets to exploit shifted their efforts to critical industrial infrastructure. Unfortunately, the SCADA and Industrial Control Systems applications they are now focusing on are sitting ducks.
March 04, 2013 Added by:Joe Weiss
SANS has published their SANS SCADA and Process Control Security Survey. The results paint a very confusing picture and actually demonstrate the existing approaches to awareness and security are not working.
February 26, 2013 Added by:Mike Lennon
According to Symantec, Stuxnet Version 0.5, an earlier and less sophisticated version of Stuxnet, was designed to close crucial valves that feed uranium hexafluoride gas into the centrifuges, causing serious damage to the centrifuges and the uranium enrichment system as a whole.
February 20, 2013 Added by:Eric Byres
Like icebergs, mobile technology has become an unstoppable force of nature. They have invaded the corporate office – is the plant floor the next frontier? What is your company doing about mobile devices on the plant floor? Does it have a strategy?
February 12, 2013 Added by:Eric Byres
Something I believe industry urgently needs is better standards for information exchange between security solutions. Unfortunately while TCG has had feedback from the IT community, they have received little from the SCADA or ICS community. I encourage everyone involved with SCADA and ICS security to review the specification.
February 01, 2013 Added by:Eric Byres
You see, every January I get asked to make between three and five predictions for the upcoming year. Then every December people remind me that I made those predictions 12 months ago. Then they get to tell me how poorly I did.
January 02, 2013 Added by:Pierluigi Paganini
CNET web site has published a news on a secret National Security Agency program named Perfect Citizen that is targeting on large-scale the control systems inside utilities, including power grid and gas pipeline controllers, with the purpose to discover security vulnerabilities.
December 16, 2012 Added by:Jayson Wylie
An FBI report details what could be the hacking elite sect of Anonymous, Antisec, using a backdoor to compromise an air-conditioning control system in New Jersey. This leaves me to the question of how vulnerable the government and private sectors are for these types of compromise...
November 18, 2012 Added by:Michele Westergaard
Cyber security threats to the utility industry are increasing in number and sophistication. The North American Reliability Corporation (NERC) is increasing the Critical Infrastructure Protection (CIP) regulatory requirements to ensure facilities are meeting basic standards in this area...
November 06, 2012 Added by:Larry Karisny
Cyber Security Expert Joe Weiss has spearheaded the ICS Cyber Security Conference for 12 years and when he calls in the troops, the best come to serve. Last month’s conference held at Old Dominion University's Virginia Modeling Analysis and Simulation Center -- VMASC in Suffolk, Va. -- was no different...
October 31, 2012 Added by:Jayson Wylie
There seems to be some political purpose to the current interests around Kaspersky. They are becoming involved in investigating malware of a cyber weapon nature instead of the constant pursuit of Trojan variants and financial fraud that is more damaging to the masses originating around their home office...
October 11, 2012 Added by:Ben Rothke
The Stuxnet computer worm of mid-2010 was a huge wake-up call for the energy industry. It also catapulted SCADA from an obscure term to the forefront of industrial security. But nearly two years later, it is unclear if the energy sector is adequately prepared for sophisticated information security threats...
FCC Seeks Public Comment on Mobile Data Coll... taylor white on 07-24-2014
Mobile Security: Tips for Using Personal Dev... taylor white on 07-24-2014
Nortel: From Bankruptcy to Industrial Espion... Eddie colin on 07-23-2014