Tag Archives: control systems security

Skip NERC CIP version 4 and go straight to version 5

Posted on by
Reply
On April 18th, 2013 FERC held a meeting in which it heard from NERC regarding the proposed Critical Infrastructure Protection version 5 standards. The committee voted to skip version 4 and move straight to version 5, and the recently issued Presidential executive order on critical infrastructure cyber security appeared to largely be the driving force behind the rapid movement. Some of the major changes for version 5 include: New risk-based tiered classification system for cyber assets: High, Me << More >>

Managing Change to Minimize Risk in Industrial Control Systems

Posted on by
Reply
Recently the Aberdeen Group published a blog post hosted on Automation.com regarding the Aberdeen Group’s report titled “Operational Risk Management: Managing Change to Improve Productivity and Minimize Risk”. While the blog post does not specifically call out risk to “cyber” assets, the comparison is easy to make and an overlap of the findings becomes clearer. Also, given the complexity of today’s industrial control system environments, a lot of readers will be shaking their heads i << More >>

ABB qualifies additional integration with Industrial Defender ASM; see it at ABB APW or online

Posted on by
Reply
“The integration and qualification of Industrial Defender’s ASM Manage as part of System 800xA combines industry-leading technologies so that customers can better monitor, manage, and protect their critical control system operations.”   - Jonas Brannvall, ABB Global Group Product Manager Just in time to show off Industrial Defender ASM integration at ABB Automation Power World 2013, ABB’s System 800xA product team has qualified the integration of their System 800xA with our flagship, A << More >>

“Who’s Really Attacking Your ICS Equipment?” whitepaper released by TrendMicro

Posted on by
Reply
TrendMicro released a whitepaper by researcher Kyle Wilhoit, who also presented the “Who’s Really Attacking Your ICS Equipment?” research at the Black Hat EU 2013 conference in Amsterdam. The research presented Wilhoit’s observations of attacks on an Internet-facing honeypots set up to detect who and/or what is attacking ICS/SCADA devices that are on the Internet. Wilhoit’s honeypots, a mix of high and low-interaction honeypots, were designed to mimic the setup of a water pressure stat << More >>

Distributech wrap up

Posted on by
Reply
While the focus of Distributech is the distribution component of utilities, the discussions spanned the “Smart Grid” gamut. Demand response, advanced metering infrastructure (AMI), distribution management systems, clean energy production, and securing the grid were some of the highlights of the opening keynote presentations. It’s no secret there is demand on the grid like never before. The last 10 years have provided technological advancements that are putting the need for demand response << More >>

OT vs. IT; the debate continues. ICS Security improving none-the-less

Posted on by
Reply
The difference in perspectives and power struggles between It and OT continue slow the pace of improvements in SCADA and critical infrastructure security according to a recently published CSO Magazine article. Last week, ICS CERT announced the findings of two separate incidents where energy industry assets were infected with malware due to compromised USB devices. Over the past few years, concerns have grown as we’ve seen attacks like Stuxnet and Flame target Industrial Control Systems systems << More >>

What a year! The market to Monitor, Manage, and Protect industrial automation systems emerges.

Posted on by
Reply
In 2012 Industrial Defender witnessed a major market shift as global critical infrastructure operators responded to the series of issues including escalating cybersecurity attacks, increasing ICS complexity, proliferation of intelligent devices, and imminent regulatory evolution.  The market has acknowledged the need for advanced technologies to automate the management of their heterogeneous control systems and has begun large-scale projects to enhance their security, compliance and change mana << More >>

A New European Report Addresses Smart Grid Security

Posted on by
Reply
This week, the European Network and Information Security Agency (ENISA) issued a report outlining the challenges faced when protecting power grids. Along with this report, Europe’s cyber security agency included a framework to be used when establishing procedures to secure smart grids. According to the report, a risk-based approach is key to a secure implementation. Our Kim Legelis shared thoughts with Fahmida Rashid of SecurityWeek, which highlighted that a risk-based approach to smart grid s << More >>

Top 10 Recommendations for OT Compliance Managers On Change Management

Posted on by
Reply
Change management is on top of mind for most compliance managers in Operational Technology (OT) driven industries. The following are Top 10 practical recommendations that have worked with our customers’ compliance managers who are trying to push technologies and processes around change management. 10. Start with Large Breadth of Use Cases on a Small Depth of Hosts The Compliance Manager should start with the complete breadth of technical and business use cases he wants to cover as part of the << More >>

ICS – Not the same as securing the Enterprise

Posted on by
Reply
Cyber attacks are on the rise – we’ve seen it time and time again with breaches spanning both the enterprise (LinkedIn and Yahoo password leaks) and the ICS environment (Stuxnet and Shamoon). According to Godfrey Budd of New Technology Magazine: “It’s not just Fortune 500 companies that are targeted. An estimated 18 percent of attacks target companies with less than 250 employees, while about 50 percent are aimed at ones with less than 2,500.” With cyber criminals targeting various org << More >>