Patching
Applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. If you never patch, you are leaving your system open to a decade of malware.
However, patching of live control systems has a lot of risks. As well, control systems can not support the onslaught of product patches common in IT. The IT world’s strategy of continuous patching simply does not work for the ICS world.
This section explores the challenges of designing and deploying patches for security flaws on control system products like DCS, PLCs and RTUs. There is also guidance on the use of compensating control-based solutions for security vulnerabilities in the world of automation and control. Tofino Security beleives that a combined approach of scheduled patching supported by rapid deployment of compensating controls will allow companies to reliably secure their control systems.
Application Notes
Articles
- Next Generation Cyber Attacks Target Oil And Gas SCADA
- The IT Department - Friend or Foe?
- Cyber Espionage comes to SCADA Security
- Cyber Wars
- SCADA Security: New Standards Protecting Old Technology
- New Strategies, Tools Keep Network Neighborhoods Cool
- Network Security Matures
- Cyber security for pipeline control systems
- Cyber Security Risks for Critical Infrastructure
- Industrial Networks Under Attack
- SCADA Security's Air Gap Fairy Tale
- Wolves at the Security House Door(s) , Part 2
- Wolves at the Door(s) of the House of Straw
- Cyber Security Threats: Expert Interview with Eric Byres, Part 1
- Using ANSI/ISA-99 standards to improve control system security
Blog Posts
- SCADA Security: Tofino provides an Alternative to Patching
- Enough Clucking – Start Fixing the SCADA Security Problem
- Patching for SCADA and ICS Security: The Good, the Bad and the Ugly
- A Nasty New World of Cyber Threats for ICS and SCADA Security
- Securing SCADA Systems: Why Choose Compensating Controls?
- Making SCADA Security Simple with the Schneider ConneXium Tofino Firewall
- Making Patching Work for SCADA and ICS Security
- S4 SCADA Security Symposium Takeaway: Time for a Revolution
- Antivirus Protection for SCADA Security - A Silver Bullet?
- SCADA Security: A Call-out to Control Engineers about Air Gaps
- Getting Started on ICS and SCADA Security (Part 2 of 2)
- Siemens PLC Security Vulnerabilities – It Just Gets Worse
- Protecting Siemens S7-1200 PLCs against Security Vulnerabilities, Part 3/3
- The Many Paths of Stuxnet – How Robust are Today’s Best Practice Systems?
- Stuxnet Guidance: The Good, the Bad and the Ugly
- The Amazing Mr. Stuxnet
- DNP3 Vulnerabilities Part 2 of 2 – Why DPI Firewalls Might be Industry’s Only Hope
- SCADA Security: Welcome to the Patching Treadmill
- Major Manufacturer Admits PLC Security Breach
- The Critical SCADA Security Patch that your Control System Isn’t Getting
- 7 Steps to ICS and SCADA Security plus White Paper
- Use Purchasing Decisions to Demand better ICS Security
- Schneider Vulnerabilities: Where are the ICS/SCADA End Users?
Press Releases
Videos and Presentations
- Digital Bond's S4 2012
- Protecting Your ICS from Zero-Day Attacks
- "Alternatives to Patching for more Secure & Reliable ICS" (KIACS 2014 Keynote Speech - Eric Byres)
White Papers
- Using ANSI/ISA-99 standards to improve control system security
- Securing Your OPC Classic Control System
- Comparing Electronic Battlefields: Using Mean Time-to-Compromise as a Comparative Security Metric
- Effective OPC Security for Control Systems
- Industrial Cybersecurity For Power System And SCADA Networks
- Finding the Security Holes before the Hackers Do
- Analysis of the 3S CoDeSys Security Vulnerabilities for Industrial Control System Professionals
- OPC Security White Paper #3 - Hardening Guidelines for OPC Hosts
- High Security Integration Using OPC
- OPC Security White Paper #2 - OPC Exposed
- How Stuxnet Spreads – A Study of Infection Paths in Best Practice Systems
- Siemens PCS7 WinCC Malware
- White Paper: “Solving the SCADA/ICS Security Patch Problem”
- 7 Steps to ICS and SCADA Security
- The Myths and Facts behind Cyber Security Risks for Industrial Control Systems