Practical SCADA Security

Control System Security Threats, Security / Reliability Incidents, Useful Industrial Cyber Security Tips

Stuxnet Lesson: Is SCADA/Control Field Device Firmware the Next Malware Target?
submitted by: rahulsebos
on: Tue, 2011-01-04 13:55

In the post-Stuxnet cyber security world, many vendors are actively thinking about protective measures that could prevent a similar attack on industrial systems.

Such measures could be implemented at the PC-level, the PLC-level, or even the Profibus or device-level. They could include methods such as antivirus-scanners, firewalls, patch management, password policies, USB usage policies, code integrity checkers, etc. However, all of these measures are ones that are implemented at the highest levels of an industrial system.

Read more

Happy Holidays from Byres Security
submitted by: Eric Byres
on: Wed, 2010-12-22 08:46

http://www.tofinosecurity.com/sites/default/files/christmasShot2010_web1.jpg


Happy Holidays from Byres Security!

As we come to the end of another year, the team at Byres Security would like to wish our readers, web members and customers a joy-filled holiday season and a happy New Year.

Read more

Human Centered Design is Key to Industrial Control Systems Security and Safety
submitted by: Ron Southworth
on: Tue, 2010-12-21 21:00

In reviewing material about Industrial Control Systems (ICS) there is one element that, in my opinion, is the most important factor to consider - especially in light of the recent hubbub about Stuxnet and ICS Security. That element is human centered design.

Every aspect of the control system life cycle, whether it is Concept, Design, Construction, Operation, Maintenance, Safety or Security, includes the human element. It is nothing new, but we all see time and time again where human factors, rather than technical factors play a major role in security and or safety issues.

Read more

Password Reuse – Control Networks Double the Risk
submitted by: Eric Byres
on: Wed, 2010-12-15 14:28

Last week Jason Holcomb at Digital Bond wrote a great article called “Everybody Knows Your Passwords” on the issues of default passwords. In it he talked about how some control system vendors continue to bury hidden “default” passwords in their system. As Stuxnet illustrated, these passwords can be later accessed by malware or hackers, making them the perfect backdoor into a company’s operations.

Read more

Stuxnet and DoS Attacks on SCADA News Lists means Increased Risk for Industrial Control Systems
submitted by: Ron Southworth
on: Wed, 2010-12-08 15:56

Thanks to all the publicity around Stuxnet, there has also been growing interest regarding the reported Denial of Service (DoS) attacks against the industry mail list that I sponsor, SCADAPerspective. I want to take this opportunity to set the record straight on what actually happened back in July 2010 and to let you know why it signifies increased risk for all industrial control systems.

Read more

Eric Byres

The opinions expressed here are the personal opinions of the Contributors. Content published here does not necessarily represent the views and opinions of Tofino Security

© Tofino Security 2013

All Rights Reserved.