Articles & Presentations

Article from: A&D Magazine, www.AuD24.net (originally published in German)

In this article Eric Byres discusses how SCADA and industrial control systems are vulnerable to cyber attacks, such as Stuxnet and Stuxnet's children.

This vulnerability is unavoidable due to the fact that modern industry depends on electronic information from the outside world to operate. Find out about Eric's suggestions for mitigating this risk.

Article from: Pipeline & Gas Journal, February 2012

In this article Eric Byres discusses Stuxnet the well-designed ICS worm. He discusses what motivates worm creators and hackers, why we can't keep worms such as Stuxnet out of our systems, and how we can move forward in this new era of worms.

Eric Byres; "Next Generation Cyber Attacks Target Oil And Gas SCADA", Pipeline & Gas Journal, February 2012

Article in: EngineerIT Magazine, January 2012

OPC, originally called OLE for process control, is used extensively in control systems to provide interoperability between devices and software from different vendors.

In this article, Gary Friend of Extech Safety Systems provides a summary of the security issues related to OPC, and shows how an OPC enforcer can be used to protect OPC servers and clients.

Gary Friend; "Protecting OPC Servers", EngineerIT Magazine, EE Publishers, January 2012

Article from: arabianOilandGas.com, Utilities-me.com, January 2012

The protection of critical national infrastructure has long been a serious concern to governments in the Middle East.  Achieving this is no longer to limited to physical security; it now includes the very real and growing need to enhance cyber security.

Article in: Electric Energy Magazine, December 2011

Supervisory Control and Data Acquisition (SCADA) systems have undergone a technological revolution over the past 20 years that has been nothing short of mind-boggling.

In this article, Scott Howard, System Architect at Byres Security Inc., explains how the integration of new technologies can subject existing SCADA systems to new stresses and threat sources that the systems were never designed to handle.

Article from: Automation.com, November 2011

Automation.com ran two side-by-side articles in its Programmable Automation Controllers (PAC) Update eNewsletter:

Really, Really, Really Cyber Secure

Automation & Control Getting iPhone App Enabled

The contrast between these two articles beautifully captures an issue the automation industry must resolve in the next few years.

Eric Byres questions "must we sacrifice these gains in efficiency that modern technologies offer if we want our utilities and factories to be secure?"

Presentation from: Tofino Security, October 2011

"SCADA and CIP Security in a Post-Stuxnet World" summarizes a lot of information about the Stuxnet malware and how it has affected SCADA and CIP security. The presentation also goes into detail about the possibilities of a Son-of-Stuxnet.

The presentation is ideal for anyone needing a crash course on Stuxnet, or as a tool for informing management about the implications of it.

Presentation from: Byres Security, September 2011

This 2-part presentation, "Mission Critical Security in a Post-Stuxnet World," contains slides from the Hirschmann 2011 Mission Critical Network Design Seminar. It summarizes a lot of information about the Stuxnet malware and discusses what it means for the future of SCADA and ICS security.

The presentation is ideal for anyone needing a crash course on Stuxnet, or as a tool for informing management about the implications of it.

Created by Eric Byres, this 2-part presentation covers:

Article from: Automation.com, August 2011

Cyber Security is a hot topic that has become more intense since the notoriety of the Stuxnet virus.

In this article, Bill Lydon, Editor at Automation.com, interviews Eric Byres to gain a greater understanding of the challenges and solutions for industrial cyber security.

Stuxnet has clearly been a wakeup call for the industry and companies need to have cyber security plans if they want to protect their operations.

Article from: Automation.com, August 2011

The theory behind the air gap is that in a well-designed system, there is a physical gap preventing any communication between the control network and the business network.

In this article, Eric Byres talks about a fairy tale - but it's not the kind that has princes or frogs in it.

It is the myth of the “air gap” between control systems and the rest of the world. Believing in it leads to a false sense of complacency by both end users and vendors, making it a very dangerous fairy tale indeed.

Podcast from: Digitalbond.com, July 2011

Interview 1: Dale Peterson of DigitalBond.com talks with Eric Byres of Byres Security about the Siemens Automation Summit and the Responsibility of ICS Security Experts.

Podcast from: ZDNet.com, May 23, 2011

In this AusCERT-related podcast, Stilgherrian, Writer for ZDNet, interviews Eric Byres as he talks about the likelihood of seeing a "Son-of-Stuxnet" worm within the next year.

Other topics of the podcast about AusCERT include the insecurities of internet routing and the drama that started with a Facebook hack and ended with a journalist being arrested.

Podcast: Stuxnet, routing hacks and a seized iPad

Video From: SCADAhacker.com, April 2011

Cyber security for industrial control systems is now receiving a lot of attention due in part to the devastating power of the Stuxnet worm and its impact on the Iranian nuclear program in 2010, but also with the disclosure of 34 vulnerabilities on various control systems in March 2011.

Article in: InTech Web Exclusive, April 2011

The susceptibility of control systems to security issues continues to confront organizations. Although it is rare to penetrate a control system directly from the internet, the advanced hacker or typical worm still has many options created by corporate connections, remote support links, USB keys, laptops, etc.

Presentation from:  Byres Security, March 2011

"What Does Stuxent Mean for Industrial Control Systems - The Future of Critical Infrastructure Security"  summarizes a lot of information about the Stuxnet malware and discusses what it means for the future of SCADA and ICS security.

This presentation is ideal for anyone needing a crash course on Stuxnet, or as a tool for informing management about the implications of it.

Podcast from:  Digitalbond.com, February 2011

Dale Peterson of DigitalBond.com talks with Eric Byres CTO Tofino Security, Andrew Ginter of Abterra Technologies and Joel Langill of SCADAhacker.com, the three authors of the new 26-page whitepaper "How Stuxnet Spreads – A Study of Infection Paths in Best Practice Systems." 37:27 - 1:08:30

Other parts of the podcast:

Article in: InTech Magazine, January/February 2011

Anyone integrating automation technologies these days is well aware of the pressure on the operators of industrial plants to increase productivity, reduce costs, and share information in real time across multiple industrial and enterprise systems.

Article in:  Food Engineering, Jan 1, 2011

The potential for malicious behavior in food manufacturing is an ongoing issue, but security concerns also extend to workers and the controls that run today’s plants.

Podcast from:  Digitalbond.com, January 2011

In this podcast Dale Peterson, founder of Digital Bond, talks with Eric Byres about the new version of Tofino for Honeywell safety systems.

"This is an interesting tool to control the control system / safety system interface. Very limited in what gets through to the safety system, basically just Modbus TCP reads," remarked Dale. "It is also a zero config device which is very attractive for the ICS space."