Cyber attackers move to target critical infrastructure system suppliers

This week’s news identifies a cyber-attack perpetrated against a key supplier of automation system technologies used in multiple critical infrastructure sectors. This latest news underscores the sophistication and the targeted nature of the attacks on critical infrastructure, as well as on its suppliers. It is representative of the determination and malicious intent of those intending to undermine global critical infrastructure. With DHS ICS CERT investigating 400% more incidents last year, it’s …

Securing Data in the Cloud

Over the past few years, cloud computing has become more and more popular, as many companies are turning to the cloud for their data storage needs. From the utilities industry perspective, it’s extremely important that the areas where data is stored are secure and trusted environments. Recently, John Boyd, general manager of hosted services, and Brian Ahern, CEO, of Industrial Defender spoke with Gary Mintchel of Automation World on this topic. John pointed out that utilities have been connect …

Black Hat Report from the Field Day Two:

Industrial Defender’s Jacob Kitchel is on the ground attending Black Hat 2012. From the Las Vegas heat he’s interpreting sessions and research that relate to automation system and industrial control system operations. BH Session: Spanish Security Researcher Has a Nose for Backdoors. Talk Title: “Here Be Backdoors: A Journey into the Secrets of Industrial Firmware”. As truffle hunters across Europe use pigs to sniff out truffles, Spanish security researcher Ruben Santamarta uses his skills to …

OT and IT Are Not Made Equal

When it comes to power generation, chemical processing or oil production, not all computer networks can be treated equally. Though they appear to share similar technologies, information technology (IT) networks and operational technology (OT) networks are two very different environments. And, unfortunately, the traditional means of security, such as patching, do not work for critical infrastructure systems. Kim Legelis, vice president of marketing at Industrial Defender, recently spoke with Fahmid …

Chemical Processing Article: Strengthen Your Cyber Security

ChemicalProcessing.com has published my article “Strengthen Your Cyber Security”. The article is an introduction to cyber security provisions of the Chemical Facility Anti-Terrorism Standards (CFATS). The article makes it clear that cyber security at chemical facilities involves more than just technology – training, processes, awareness, physical security and of course technology all need to align to create an effective cyber-security system. Defense-in-depth is the recommend …

Security Basics: Egress Filtering

Our security assessment practice reports that fewer than half of the firewalls they encounter at the industrial sites we service have any egress filtering enabled, and even fewer have implemented rigorous filtering. Egress filtering consists of denying most or all “outbound” connections from a more trusted network to a less trusted network. Egress filtering is nothing new – best practices are described in a number of control system security standards, notably NIST 800-82 (which call …

Cyber Warfare Conflation

There were another two pieces in the mass media last week on cyber warfare (CBS and ABC). The media generally gets the story straight, but spends little effort making sure the listener/reader understands it all. The problem is that there are several kinds of adversaries that get discussed, and several kinds of targets, with several kinds of motivations. If listeners and readers don’t already know what’s up, it is easy to mix up who is doing what to whom and get confused about how vu …

ICSJWG 2010 Spring Conference

Highlights of the spring conference: The plant security working group of the WIB International Instrument User’s Association (www.wib.nl) has published a report, “M 2784 X10”, entitled “Process Control Domain – Security Requirements for Vendors”. Shell was a driving force behind this standard, available for download here (note: WIB permission is needed to redistribute). Shell is starting to require their vendors to certify against M-2784 and Wurldtech is putting t …

In Defense of Defense in Depth

I would like to respond to Bruce Schneier’s post “Should the Government Stop Outsourcing Code Development?” I think Bruce is close to the mark in his answer, but misses the point on both defense in depth and critical infrastructure. Fundamentally, most security flaws are no more than bugs – sometimes in requirements, sometimes in design, and often in implementation, but bugs nonetheless.

Western Regional Collegiate Cyber Defense Competition

The Western Regional Collegiate Cyber Defense Competition is a regional event of the Collegiate Cyber Defense Competition which takes place in Pomona, CA at Cal Poly Pomona. In the CCDC, student teams (Blue Team) are asked to administer and protect a business network and meet business requirements, all while being attacked by an attacking team (Red Team).