Category Archives: Security

Managing Change to Minimize Risk in Industrial Control Systems

Posted on by
Reply
Recently the Aberdeen Group published a blog post hosted on Automation.com regarding the Aberdeen Group’s report titled “Operational Risk Management: Managing Change to Improve Productivity and Minimize Risk”. While the blog post does not specifically call out risk to “cyber” assets, the comparison is easy to make and an overlap of the findings becomes clearer. Also, given the complexity of today’s industrial control system environments, a lot of readers will be shaking their heads i << More >>

ABB qualifies additional integration with Industrial Defender ASM; see it at ABB APW or online

Posted on by
Reply
“The integration and qualification of Industrial Defender’s ASM Manage as part of System 800xA combines industry-leading technologies so that customers can better monitor, manage, and protect their critical control system operations.”   - Jonas Brannvall, ABB Global Group Product Manager Just in time to show off Industrial Defender ASM integration at ABB Automation Power World 2013, ABB’s System 800xA product team has qualified the integration of their System 800xA with our flagship, A << More >>

“Who’s Really Attacking Your ICS Equipment?” whitepaper released by TrendMicro

Posted on by
Reply
TrendMicro released a whitepaper by researcher Kyle Wilhoit, who also presented the “Who’s Really Attacking Your ICS Equipment?” research at the Black Hat EU 2013 conference in Amsterdam. The research presented Wilhoit’s observations of attacks on an Internet-facing honeypots set up to detect who and/or what is attacking ICS/SCADA devices that are on the Internet. Wilhoit’s honeypots, a mix of high and low-interaction honeypots, were designed to mimic the setup of a water pressure stat << More >>

NERC CIP v5 is Coming; START PREPARING NOW!

Posted on by
Reply
It’s official: NERC CIP version 5 (v5) is scheduled for approval in April 2013 by FERC (Federal Energy Regulatory Commission). Over the years, NERC (North American Electric Reliability Corporation) CIP (Critical Infrastructure Protection) has provided compliance regulations that stretch across the electric industry. Although NERC is a moderately young organization, the most recent version (version 4) extended its reach to additional organizations across the electric sector, including nuclear f << More >>

Distributech wrap up

Posted on by
Reply
While the focus of Distributech is the distribution component of utilities, the discussions spanned the “Smart Grid” gamut. Demand response, advanced metering infrastructure (AMI), distribution management systems, clean energy production, and securing the grid were some of the highlights of the opening keynote presentations. It’s no secret there is demand on the grid like never before. The last 10 years have provided technological advancements that are putting the need for demand response << More >>

OT vs. IT; the debate continues. ICS Security improving none-the-less

Posted on by
Reply
The difference in perspectives and power struggles between It and OT continue slow the pace of improvements in SCADA and critical infrastructure security according to a recently published CSO Magazine article. Last week, ICS CERT announced the findings of two separate incidents where energy industry assets were infected with malware due to compromised USB devices. Over the past few years, concerns have grown as we’ve seen attacks like Stuxnet and Flame target Industrial Control Systems systems << More >>

Red October: 3 mitigation strategies, and the need for cybersecurity basics

Posted on by
Reply
If you didn’t catch the Kaspersky report on Red October, check it out here. Their map shows just how wide spread it was. There will certainly be a thorough dissection of the malware over the coming weeks. While Red October didn’t specifically affecting industrial control systems the oil and gas infrastructure that has been known to be targeted is in UAE, Russia, Azerbaijan and Turkmenistan. What it is though is a good lesson in overall security basics and best practices. It really highlights << More >>

What a year! The market to Monitor, Manage, and Protect industrial automation systems emerges.

Posted on by
Reply
In 2012 Industrial Defender witnessed a major market shift as global critical infrastructure operators responded to the series of issues including escalating cybersecurity attacks, increasing ICS complexity, proliferation of intelligent devices, and imminent regulatory evolution.  The market has acknowledged the need for advanced technologies to automate the management of their heterogeneous control systems and has begun large-scale projects to enhance their security, compliance and change mana << More >>

Best Ways to Effectively Implement Change Management in ICS

Posted on by
Reply
ICS are the operational systems in which we rely upon to provide us with everyday essentials, such as power, natural gas and water. When these systems are working well and flawlessly, operators have little reason to alter or make innovative changes to them. Embarking on monumental changes is a huge undertaking for these control systems, most of which are very large and critical to normal functionalities for the general public. However, the time has come to upgrade and/or replace these aging, out << More >>

A New European Report Addresses Smart Grid Security

Posted on by
Reply
This week, the European Network and Information Security Agency (ENISA) issued a report outlining the challenges faced when protecting power grids. Along with this report, Europe’s cyber security agency included a framework to be used when establishing procedures to secure smart grids. According to the report, a risk-based approach is key to a secure implementation. Our Kim Legelis shared thoughts with Fahmida Rashid of SecurityWeek, which highlighted that a risk-based approach to smart grid s << More >>