White Papers

Securing EtherNet/IP Control Systems using DPI

Next Generation Firewalls with Deep Packet Inspection (DPI) capabilities are now mainstream products for IT protocols. Unfortunately, designers and operators of industrial control systems (ICS) have not had access to these advanced technologies to protect their critical communications that involve protocols such as EtherNet/IP™. This is a serious problem. Mission critical control systems need DPI technology even more than IT systems do.

Understanding Deep Packet Inspection for SCADA Security

The world’s manufacturing, energy and transportation infrastructures are currently facing a serious security crisis. These critical systems are largely based on legacy SCADA and Industrial Control System (ICS) products and protocols. Many of these products are decades old and were never designed with security in mind.

The good news is that there is an effective and easy-to-deploy solution to this security crisis. Using an advanced technology called “Deep Packet Inspection” (DPI), SCADA-aware firewalls offer fine-grained control of control system traffic.

Analysis of the 3S CoDeSys Security Vulnerabilities for Industrial Control System Professionals

A number of previously unknown security vulnerabilities in the CoDeSys Ladder Logic Runtime product, plus fully functional attack tools that exploit them, have been publicly disclosed.

While CoDeSys is not widely known in the SCADA and ICS field, its product is embedded in many popular PLCs and industrial controllers. There is a risk that criminals or political groups may attempt to exploit the vulnerabilities for either financial or ideological gain. 

Using ANSI/ISA-99 Standards to Improve Control System Security

Today operators and engineers are under pressure to isolate automation systems at the same time as management is asking for greater interconnectedness. 

This White Paper explains how the “zone and conduit” model included in the ANSI/ISA-99 security standards provides a framework for helping deal with network security threats that arise from both the “push for productivity” and the fear of the next “Son-of-Stuxnet” worm.

7 Steps to ICS and SCADA Security

Cyber security threats, from sophisticated malware like Stuxnet, Night Dragon and Duqu, or from the publishing of an unprecedented number of security vulnerabilities, are causing a major disruption in the industrial automation market.

If you are a process control engineer, an IT professional in a company with an automation division, or a business manager responsible for safety or security, you may be wondering how your organization can get moving on more robust cyber security practices. 

Two industry veterans, Eric Byres and John Cusimano, combine industry standards, best practice materials, and their real-world experience to provide an easy-to-follow 7-step process for improved ICS and SCADA security.

Effective OPC Security for Control Systems

For the past decade, industrial control systems administrators and engineers wanted to believe that ‘air gaps’ or ‘security by obscurity’ would keep them safe from security threats. Those days are over - recent security incidents such as the Stuxnet worm are a loud wake-up call for the industrial automation industry.

This White Paper explains the security advantages of limiting network interfaces and protocols, and recommends using OPC as a communications standard because of its ease of use and its widespread deployment.

Analysis of the 7-Technologies IGSS Security Vulnerabilities for Industrial Control System Professionals

A number of previously unknown security vulnerabilities in the 7-Technologies Interactive Graphics SCADA System (IGSS) product have been publicly disclosed. The release of these vulnerabilities included proof-of-concept (PoC) exploit code.

This White Paper summarizes the current known facts about these vulnerabilities. It also summarizes the actions that operators of SCADA and ICS systems can take to protect critical operations.

Analysis of the ICONICS GENESIS Security Vulnerabilities for Industrial Control System Professionals

A number of previously unknown security vulnerabilities in the ICONICS™ GENESIS32™ and GENESIS64™ ICS/SCADA products have been publicly disclosed.

This White Paper documents the current known facts about these vulnerabilities. It then summarizes the actions that operators of SCADA and ICS systems can take to protect critical operations.  

How Stuxnet Spreads – A Study of Infection Paths in Best Practice Systems

The Stuxnet worm is a sophisticated piece of computer malware designed to sabotage industrial processes controlled by Siemens SIMATIC WinCC and PCS 7 control systems.

This paper describes an example of a site following high security architecture best practices and then shows the ways that the worm could make its way through the defences of the site to take control of the process and cause physical damage.

The paper closes with a discussion of the lessons that can be learned from the analysis of Stuxnet’s propagation pathways. It explains how owners of critical systems need to respond to protect control systems from future threats of this type.

Siemens PCS7 WinCC Malware

New Stuxnet White Paper: Analysis of the Siemens WinCC / PCS7 “Stuxnet” Malware for Industrial Control System Professionals.

Stuxnet is a computer worm designed to take advantage of a number of previously unknown vulnerabilities present in the Windows operating system and Siemens SIMATIC WinCC, PCS7 and S7 product lines.

It was designed to target one or more industrial systems that use Siemens PLCs with the apparent objective of sabotaging industrial processes.

This White Paper summarizes the current known facts about the Stuxnet worm and the actions that operators of SCADA and ICS systems can take to protect critical operations.

Also included is Joel Langill's excellent video that shows in detail how Stuxnet infects a system.
