Protecting Our Critical Infrastructure

As security professionals are aware, SCADA security is something to be taken very seriously. However, it wasn’t until Stuxnet that awareness of these vulnerabilities increased and people understood the serious repercussions of a breach. We’re seeing now that Stuxnet was just the beginning. In recent times, more malware targeting SCADA systems has appeared (Flame, Duqu, Shamoon) and progress has been slow to secure these systems. Walt Sikora, vice president of security solutions at Industrial << More >>

Cyber attackers move to target critical infrastructure system suppliers

This week’s news identifies a cyber-attack perpetrated against a key supplier of automation system technologies used in multiple critical infrastructure sectors. This latest news underscores the sophistication and the targeted nature of the attacks on critical infrastructure, as well as suppliers. It is representative of the determination and malicious intent of those intending to undermine global critical infrastructure. With DHS ICS CERT investigating 400% more incidents last year, it’s << More >>

Shamoon – Options for Critical Infrastructure

Saudi Aramco was recently hit with a targeted virus that infected several of its computers, replacing critical files on the assets with an image. Though the particular attack is targeted at Saudi Aramco, Shamoon highlights the need for Critical Infrastructure (CI) operators such as those in energy, pipeline, gas, and utilities to carefully look at their security postures and prepare to prevent, mitigate and survive such attacks. Fortunately, there are a few simple actions that can be taken right << More >>

Black Hat Report from the Field Day Two:

Industrial Defender’s Jacob Kitchel is on the ground attending Black Hat 2012. From the Las Vegas heat he’s interpreting sessions and research that relate to automation system and industrial control system operations. BH Session: Spanish Security Researcher has a Nose for Backdoors. Talk Title: Here Be Backdoors: A Journey into the Secrets of Industrial Firmware. As truffle hunters across Europe use pigs to sniff out truffles, Spanish security researcher Ruben Santamarta uses his skills to << More >>

Black Hat Report from the Field Day One:

Industrial Defender’s Jacob Kitchel is on the ground attending Black Hat 2012. From the Las Vegas heat he’s interpreting sessions and research that relate to automation system and industrial control system operations. BH Session: GHz or Bust. Researchers demonstrate sub-GHz radio is no longer a barrier to security testing. Researchers at the annual Black Hat USA security conference in Las Vegas demonstrated that sub-GHz hardware and wireless technology, which has traditionally been unr << More >>

OT and IT Are Not Made Equal

When it comes to power generation, chemical processing or oil production, not all computer networks can be treated equally. Though they appear to share similar technologies, information technology (IT) networks and operational technology (OT) networks are two very different environments. And, unfortunately, the traditional means of security, such as patching, do not work for critical infrastructure systems. Kim Legelis, vice president of marketing at Industrial Defender, recently spoke with Fahmid << More >>

A Review of the Electric Subsector Cybersecurity Capability Maturity Model (ES-C2M2)

What is the ES-C2M2? On May 31, 2012, the Electric Subsector Cybersecurity Capability Maturity Model (ES-C2M2) was released by the Department of Energy (DOE) in conjunction with the Department of Homeland Security (DHS) as a White House supported initiative. The advisory group which contributed to the initiative included representatives from industry associations, utilities, government, and over 40 subject matter experts (SMEs). The objectives of the model are to: Strengthen cybersecurity capab << More >>

How to Make BYOD Work

This year’s IBM X-Force report focused on the growing trend of “Bring Your Own Device,” or BYOD. It reported a 19 percent increase over the prior year in the number of exploits publicly released that can be used to target mobile devices. Workers bring in various mobile devices with unpatched vulnerabilities for which exploits have been publicly released, creating an opportunity for attackers to use the device as an access point. So, what does BYOD mean for ICS? Kevin McCaney, managing editor of Gover << More >>

Safety vs. Security

Most assume that safety and security go together and are basically synonymous concepts. However, over the years experts in the ICS industry have continuously emphasized the physical safety in organizations and put less focus on the security aspect. IT professionals in these environments are now being confronted with real consequences due to a lack of security measures. Stuxnet is a perfect example of what happens when security precautions are ignored. Operators, IT managers and directors must no << More >>

Cyber Security Lessons from Iran: The Sequel

While no one is yet crying over spilled oil, it appears that once again Iran’s energy infrastructure has fallen victim to cyber security disruption. As reported in The New York Times, it seems that fears of operational impact on Iranian oil terminals caused officials there to unplug their facilities from the internet in order to avoid damage from the “wiper” virus. Surely this is harder than it sounds and has far-reaching implications when it comes to system restoration. We can all lea << More >>