Defending ICS: How Are We Doing?

sdemattio 60x80Seven months have passed since the Department of Homeland Security issued Seven Strategies to Defend ICSs and the time seems ripe to consider the state of control system cyber security.

As we in the industry well know, the past 16 years have marked nearly 2000 publicly disclosed vulnerabilities and intrusions of varying degrees of severity to the systems that drive our power and water supplies, production lines and more. The vulnerabilities most threatening to ICS are firewall-indifferent for the most part, afflicting the sensors, programmable logic controllers (PLC) and networks that automate and monitor, for example, climate control, lighting, perimeter security and water flow. (more…)

0502160-blog-feature

When a Nuclear Plant is Hacked, It’s Time for New Best Practices

AlexMost of us won’t lightly brush off news of a hacked nuclear power plant. As was widely reported April 27, one such incident involved the Gundremmingen plant in Germany that was found to be infected with malware intended to allow remote access. Even though the viruses seem to have posed no threat to operations of the plant 75 miles from Munich, it’s scary stuff when malware finds its way into a nuclear facility, and onto its industrial control system (ICS). It’s scarier still when the infection surfaces in a system that was a) upgraded and air-gapped, and b) responsible for moving nuclear fuel rods. (more…)

031816-Ukraine-Attack

Ukraine’s Power-Grid Failure Confirmed as Cyber-Attack. Now What?

JohnLike many in the business of cyber security for industrial control systems (ICS), I’ve been closely following this winter’s cruel and expertly executed hack in Ukraine that left more than 200,000 people in the cold and dark two days before Christmas. The first confirmed cyber-attack to shut down a power grid, the Ukraine assault demonstrated that a motivated enemy can, and will, break through standard cyber-defenses to further an agenda in ways that are not soon forgotten.
(more…)

030215-secdef-feature

Navy Admirals Seek Greater Accountability in Securing Critical Infrastructure

SecDef Asked to Add ICS Security to Monthly Cyber Scorecard

Benga Erinle, 3eTI President

Stating that weaknesses in industrial control system (ICS) security “will have serious consequences on our ability to execute assigned missions if not addressed,” the letter I recently received was addressed to Defense Secretary Ash Carter. In it, two Navy admirals asked the Secretary to require improved control-system security by adding it as a priority in the cyber scorecard. (more…)

022616-DHS-feature

DHS Offers Industry Seven Steps to Comprehensively Defend Control Systems: 3eTI Weighs In

Benga Erinle, 3eTI PresidentDays before the New Year rang in, and less than a week after a cyber-attack cut electricity to tens of thousands of Ukrainians, the Department of Homeland Security released new guidance on tightening security in “as-built” industrial control systems (ICS). The recommendations, presented in “Seven Steps to Effectively Defend Industrial Control Systems,” are high-level but clearly support elevating the cyber security posture of ICS and critical network infrastructures. I believe they merit some specificity, as this paper directly addresses Ultra Electronics, 3eTI’s mission to protect critical infrastructure — pipelines, power plants, refineries, water systems — from increasingly complex threat landscapes. (more…)