Tag Archives: critical infrastructure

Skip NERC CIP version 4 and go straight to version 5

Posted on by
Reply
On April 18th, 2013 FERC held a meeting in which it heard from NERC regarding the proposed Critical Infrastructure Protection version 5 standards. The committee voted to skip version 4 and move straight to version 5, and the recently issued Presidential executive order on critical infrastructure cyber security appeared to largely be the driving force behind the rapid movement. Some of the major changes for version 5 include: New risk-based tiered classification system for cyber assets: High, Me << More >>

ABB qualifies additional integration with Industrial Defender ASM; see it at ABB APW or online

Posted on by
Reply
“The integration and qualification of Industrial Defender’s ASM Manage as part of System 800xA combines industry-leading technologies so that customers can better monitor, manage, and protect their critical control system operations.”   - Jonas Brannvall, ABB Global Group Product Manager Just in time to show off Industrial Defender ASM integration at ABB Automation Power World 2013, ABB’s System 800xA product team has qualified the integration of their System 800xA with our flagship, A << More >>

“Who’s Really Attacking Your ICS Equipment?” whitepaper released by TrendMicro

Posted on by
Reply
TrendMicro released a whitepaper by researcher Kyle Wilhoit, who also presented the “Who’s Really Attacking Your ICS Equipment?” research at the Black Hat EU 2013 conference in Amsterdam. The research presented Wilhoit’s observations of attacks on an Internet-facing honeypots set up to detect who and/or what is attacking ICS/SCADA devices that are on the Internet. Wilhoit’s honeypots, a mix of high and low-interaction honeypots, were designed to mimic the setup of a water pressure stat << More >>

Distributech wrap up

Posted on by
Reply
While the focus of Distributech is the distribution component of utilities, the discussions spanned the “Smart Grid” gamut. Demand response, advanced metering infrastructure (AMI), distribution management systems, clean energy production, and securing the grid were some of the highlights of the opening keynote presentations. It’s no secret there is demand on the grid like never before. The last 10 years have provided technological advancements that are putting the need for demand response << More >>

OT vs. IT; the debate continues. ICS Security improving none-the-less

Posted on by
Reply
The difference in perspectives and power struggles between It and OT continue slow the pace of improvements in SCADA and critical infrastructure security according to a recently published CSO Magazine article. Last week, ICS CERT announced the findings of two separate incidents where energy industry assets were infected with malware due to compromised USB devices. Over the past few years, concerns have grown as we’ve seen attacks like Stuxnet and Flame target Industrial Control Systems systems << More >>

A New European Report Addresses Smart Grid Security

Posted on by
Reply
This week, the European Network and Information Security Agency (ENISA) issued a report outlining the challenges faced when protecting power grids. Along with this report, Europe’s cyber security agency included a framework to be used when establishing procedures to secure smart grids. According to the report, a risk-based approach is key to a secure implementation. Our Kim Legelis shared thoughts with Fahmida Rashid of SecurityWeek, which highlighted that a risk-based approach to smart grid s << More >>

Top 10 Recommendations for OT Compliance Managers On Change Management

Posted on by
Reply
Change management is on top of mind for most compliance managers in Operational Technology (OT) driven industries. The following are Top 10 practical recommendations that have worked with our customers’ compliance managers who are trying to push technologies and processes around change management. 10. Start with Large Breadth of Use Cases on a Small Depth of Hosts The Compliance Manager should start with the complete breadth of technical and business use cases he wants to cover as part of the << More >>

ICS – Not the same as securing the Enterprise

Posted on by
Reply
Cyber attacks are on the rise – we’ve seen it time and time again with breaches spanning both the enterprise (LinkedIn and Yahoo password leaks) and the ICS environment (Stuxnet and Shamoon). According to Godfrey Budd of New Technology Magazine: “It’s not just Fortune 500 companies that are targeted. An estimated 18 percent of attacks target companies with less than 250 employees, while about 50 percent are aimed at ones with less than 2,500.” With cyber criminals targeting various org << More >>

Whitelisting technology in demand; CoreTrace Acquired by Lumension

Posted on by
Reply
This week Lumension announced that it had acquired CoreTrace, Industrial Defender’s whitelisting partner, another sign that whitelisting is an essential technology in the fight against escalating cyber threats and the epidemic of malware. We recognized the importance of whitelist and took steps to find the right partner and ensure access to leading whitelisting technology.  Since 2010 Industrial Defender has been collaborating with CoreTrace and purchased the CoreTrace source code (read press << More >>

Protecting Our Critical Infrastructure

Posted on by
Reply
As security professionals are aware, SCADA security is something to be taken very seriously. However, it wasn’t until Stuxnet that awareness of these vulnerabilities increased and people understood the serious repercussions of a breach. We’re seeing now that Stuxnet was just the beginning. In recent times, more malware targeting SCADA systems has appeared (Flame, Duqu, Shamoon) and progress has been slow to secure these systems. Walt Sikora, vice president of security solutions at Industrial << More >>