Submitted by Eric Byres on Wed, 2010-09-01 14:00
Just about everyone who has ever commissioned an OPC Classic-based system has at least one horror story about how product X did something really strange and unexpected. And if you are in the security business like me, often the story is about how the particular product violated every reasonable security requirement known to man.
Submitted by Eric Byres on Tue, 2010-08-31 15:33
One of the best things about the whole Stuxnet worm fiasco is that it has brought one of the biggest security issues – the use and abuse of passwords – into focus. Currently most of the discussion has focused on Siemens’ unfortunate use of fixed default passwords in their products (for example, see Joe Weiss’ post on http://news.infracritical.com/pipermail/scadasec/2010-August/001756.html).
Submitted by Scott Howard on Tue, 2010-08-17 17:50
We had a request recently from a reader to provide an example of a malicious attack by outsiders on a control system, how it was done, and what impact it had on the plant and the owner. This is surprisingly tough to do, because according to RISI the vast majority of security incidents are internal and/or accidental in nature. Additionally, people whose control systems have been hacked do not like to talk about it - why give attackers more info and ideas than they already have?