Articles & Presentations

Presentation from:  Byres Security, November 2010

OPC Classic is a software interface technology used to facilitate the transfer of data between different industrial control systems. Unfortunately, securely deploying OPC Classic has proven to be a challenge until recentl

Article in: Hydrocarbon Engineering, October 2010

Every month security researchers discover hundreds of new worms and viruses attacking the world's computer systems. Usually, few in supervisory control and data acquisition (SCADA) and process control take notice

As cyber attacks and espionage against critical infrastructure increase the US government is launching a program to protect critical infrastructure.  This program will target older computer control systems and its goal is to close serious security vulnerabilities in control and automation systems.

U.S. Plans Cyber Shield for Utilities, Companies

The Wall Street Journal
July 8th, 2010

Article in:  ControlGlobal, June 2010

The majority of control system cyber threats are unintentional, as discussed in this article that summarizes data from the Repository of Industrial Security Incidents (RISI).  Tips on how to start reducing the risk of cyber threats are provided.

Could Cyber Terrorists Attack Our Company?

AutomationWorld highlights the rise in cyber incidents affecting control systems.  This new report lays out trends seen in 2009 and makes comparisons to historical data.

The House on February 4th, 2010, passed a bill aimed at building up the United States' cybersecurity army and expertise, amid growing alarm over the country’s vulnerability online.

Proliferating use of wireless technologies sets up conflicts between the federal CIP standards and FCC regulations, say the authors of a newly available White Paper. To mitigate wireless cyber security risks, they recommend a defense-in-depth approach.

Article in: Chemical Processing, September 2009

Protecting your Plant, written by Byres Security CTO Eric Byres, has been recognized with a Midwest Silver award from the American Society of Business Publications Editors (ASBPE)....

Article in: Pipeline & Gas Journal, February 2009

Eric Byres, CTO of Tofino Security, has published an article about cyber security and pipeline control systems in Pipeline and Gas Journal.....

CYBER SECURITY AND THE PIPELINE CONTROL SYSTEM

Video From: Byres Security, October 2008

Eric Byres, CTO of Byres Security, presents the seven steps to industrial-strength security with Tofino™.

Video From: Byres Security, October 2008

In this video  Eric Byres, CTO of Byres Security, describes how the Tofino™ Industrial Security Solution protects critical infrastructure from threats that penetrate or bypass IT firewalls.....

Article in: IEEE Security & Privacy, January/February 2008

The ability to efficiently compare differing security solutions for effectiveness is often considered lacking from a management perspective. To address this we propose a framework for estimating the mean time-to-compromise (MTTC) of a target system for use as a comparative security metric. This MTTC is calculated through a three step process.

First a topological map of the target system is divided into attack zones, allowing each zone to be described with its own state-space model (SSM).

Article in: CONTROL Magazine, January 2008

The average corporate desktop is far more secure than the average PLC, yet the PLC is the asset that is far more valuable to company.

Article in: InTech Magazine, December 2007

Over the past 10 years, the industrial controls (IC) world has borrowed substantially from the world of information technologies (IT)...

Eric Byres, Jim Bauhs, and Brian Mason; "Forget the Silos, Build the Bridge", InTech Magazine, December 2007

Article in: CONTROL Magazine, December 2007

We will probably never know how the Slammer worm made it into this facility, but the fact is that once the worm was on the inside, it found a very soft target and really could begin to do its worst...

Eric Byres; "Wolves at the Door(s) of the House of Straw", CONTROL Magazine, December 2007

Article in: InTech Magazine, October 2007

Anyone reading InTech over the last five years will have seen many articles on the need to secure control systems from cyber attack. Nearly all include descriptions of actual security incidents that will concern even the most hardened control specialist...

Eric Byres; "Making Cyber Security Work in the Refinery", InTech Magazine, October 2007

Article in: InTech, March 2007

Today sound security strategy, regardless of whether it is military, physical, or cyber security, leverages the concept of “Defense in Depth.” Effective security comes by layering multiple security solutions, so if the one fails, another takes up the torch of defense.

In this article, Eric Byres goes into detail about the Defense-in-Depth strategy and explains how companies cannot keep relying on traditional firewalls with a single point of failure.

Article in: InTech Magazine, January 2006

To ensure the safety and security of the process, company, and staff, find the vulnerabilities and break a negative chain of events...