November 2012

SCADA Security Basics: Integrity Trumps Availability

Submitted by Eric Byres on Tue, 2012-11-06 11:12

In last week's blog, Heather wrote an excellent summary of Mark Cooksley's network security presentation regarding "Why Industrial Networks are Different than IT Networks". In it she noted that the number one goal of ICS security is based on the concern for safety. This is spot-on in my opinion. However, there is more to consider when it comes to industrial security priorities…

Address SCADA Security Vulnerabilities NOW, Not Later (plus CoDeSys White Paper)

Submitted by Eric Byres on Thu, 2012-11-08 10:28

Who is responsible for fixing the thousands (some say 100,000) of vulnerabilities that exist in PLCs, DCS, RTUs and other automation devices that are in use in facilities around the world?

On the one hand, we have the position of Dale Peterson at Digital Bond. Dale ardently argues for (and takes) aggressive measures to pressure ICS vendors into making their products more secure. Through their 2012 Project Basecamp and subsequent disclosures, Digital Bond publically released vulnerability details for a large number of controllers.

Making SCADA Security Simple with the Schneider ConneXium Tofino Firewall

Submitted by Eric Byres on Wed, 2012-11-14 10:45

“Lacking extravagant IT budgets, automation systems also require cyber security systems that just work, with a minimum of human intervention.”

3rd Annual Controls Engineer Holiday Gift Suggestion

Submitted by Joann Byres on Tue, 2012-11-20 11:29

Last year Eric’s holiday gift suggestion got his culinary juices flowing with the idea of a sous-vide oven; or for the true controls engineer, the plans to build your own. He was pleasantly surprised a few weeks later, when a sous-vide oven arrived under the tree.

Major Manufacturer Admits PLC Security Breach

Submitted by S. Claus on Tue, 2012-11-27 10:15

Editor's Note