Practical SCADA Security

Control System Security Threats, Security / Reliability Incidents, Useful Industrial Cyber Security Tips

submitted by: Eric Byres
on: Tue, 2011-07-26 14:39

Last week the Unites States’ Department of Homeland Security (DHS) released a report on “Insider Threat to Utilities” that has been getting a lot of attention in the mainstream media. While released “For Official Use Only (FOUO)”, the

submitted by: Eric Byres
on: Wed, 2011-07-20 12:56

Earlier this month I came across a great article called “The new paradigm for utility information security: assume your security system has already been breached” by Ernie Hayden of Verizon’s Global Energy & Utility Practice.  I highly recommend you read it, for the reasons I explain in this blog post.

 

submitted by: Eric Byres
on: Thu, 2011-07-07 14:30

This article continues our review of Siemens’ announcements and posture regarding cyber security as reflected at their Automation Summit last week.  Part 1 of this post was published yesterday.

New Siemens Products for Enhanced Cyber Security

Christoph Lehmann, from Siemens Germany, focused on many of the new products and services that Siemens is currently developing (or has recently released) to improve control system security.  A few noteworthy ones are mentioned here.

submitted by: Eric Byres
on: Wed, 2011-07-06 12:44

The Siemens Automation Summit was held last week and both Joel Langill and I attended it, presented at it, and engaged in social media commentary regarding it.  This article will summarize our opinion of Siemens’ announcements and posture regarding cyber security as we reflected on the conference.  We assign grades to various aspects of Siemens’ cyber security measures or policies, and we will sum it up with a final grade at the end of Part 2.

submitted by: Eric Byres
on: Mon, 2011-06-20 09:59

Last week in his blog article, Fix the Problem, Stop Bailing out Vendors, Dale Peterson made an impassioned statement that the SCADA security community:

“needs to put all our efforts and emphasis in the PLC, RTU, controller space on getting vendors to add basic security features to their models available for sale today… We should not say or pretend that any other solution besides this is acceptable. Fix the problem!”