Cyber Security Lesson’s from Iran: The Sequel

Posted on April 26, 2012 by Kim Legelis

While no one is yet crying over spilled oil, it appears that once again Iran’s energy infrastructure has fallen victim to cyber security disruption. As reported in The New York Times , it seems that fears of operational impact on Iranian oil terminals caused officials there to unplug their facilities from the internet in order to avoid damage for the “wiper” virus. Surely this is harder than it sounds and has far reaching implications when it comes to system restoration. We can all lea << More >>

Log Management and Auditing from ICS CERT

Posted on April 25, 2012 by Kim Legelis

For those of you concerned with Industrial Control System (ICS) Security, the DHS ICS-CERT is an invaluable resource. In their most recent ICS CERT Newsletter (p2) the Situational Awareness section focuses on failures and fixes for logging and event monitoring. “ICS CERT found that ineffective auditing and logging was one of the most consistent technical issues/obstacles encountered when responding to onsite incident visits.” The lesson’s learned this from the folks that provide i << More >>

Use Cases in Automation Systems Management – Software Inventory and Version Details

Posted on April 23, 2012 by MIke Dugent

This is a continuation of a series discussing different use cases in Automation Systems Management, and will focus on the operational advantages of knowing exactly what software is running on the control systems in your environment. This post is coming to you from ABB Automation and Power World in Houston, Texas, so if you happen to be here as you read this come find us in booth 8 of the Technology Expo. To see the first part of this series on managing ports and services, click here. Here’s a << More >>

Why Smart Meters Need To Be Smarter

Posted on April 13, 2012 by Kim Legelis

Smart meters are designed to provide efficient and reliable electricity services and rates throughout the day. So what happens when these systems become compromised? Hundreds of millions of dollars goes missing… annually. The most recent case of this theft was announced in a cyber intelligence bulletin, in which the FBI disclosed information about a hack that occurred on a Puerto Rico smart meter. Hacking meters is not a new issue. However, with the advancement of digital smart meters, hackers << More >>

Hacking Digital Smart Meters Is Becoming Too Easy

Posted on April 11, 2012 by Kim Legelis

Recently, in a cyber intelligence bulletin obtained by KrebsOnSecurity, the FBI disclosed information about a hack that occurred on a Puerto Rico smart meter, which is the first known report of a hack on a digital smart meter. This intelligent attack was devised by hackers who communicated with the computer system and changed the software setting to halt the measuring usage of the meter. GreenTech Media called upon Industrial Defender to shed some light on the situation and explain what this mea << More >>

ABB makes the tough, but right choice to not patch in latest advisory

Posted on April 9, 2012 by Jacob Kitchel

On April 5, 2012, ICS-CERT issued an advisory regarding buffer overflows in the COM and ActiveX scripting interfaces to the ABB WebWare Server application discovered by Billy Rios and Terry McCorkle. Threatpost also covered the advisory as a follow up to previous coverage of Rios’ and McCorkle’s “100 Bugs in 100 Days” project. At first glance, it would be easy to be perplexed or outraged that a software vendor would refuse to provide a patch for a security issue. The reality is that this << More >>

The Latest and Hottest Security Strategy: Whitelisting

Posted on April 5, 2012 by Kim Legelis

Whitelist is defined as: a list of approved entities that are granted access to specific tasks. So, what does this term mean for critical infrastructures? How does whitelisting help secure our most important automated systems? Once again, Automation World turned to Industrial Defender to provide further explanations about this latest trend in security. The article highlights how whitelisting enables the industrial sector to institute an exclusive level of security by allowing only pre-approved a << More >>

Weighing in on the Effect of Stuxnet

Posted on April 3, 2012 by Kim Legelis

Nearly two years after Stuxnet, cyber security experts are still weary of the effect this worm had on the safety of the nation’s critical infrastructure. The dialogue among experts in the industrial cyber security industry has switched from only operators talking about it to company executives now getting involved. The discussion is now focusing on developing a more unified approach to security. Automation World turned to security experts to identify the changing conversations within the cyber << More >>

M	T	W	T	F	S	S
« Mar				May »
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30

ICS Perspectives

Monthly Archives: April 2012