On occasion, our security technologists provide overviews on topics of interest for businesses interested in or using our solutions. Sometimes, we believe the information provided may be of interest to wider audiences. This article represents one such topic. We hope readers will find it informative. (more…)
Latest Blog Posts
Seven months have passed since the Department of Homeland Security issued Seven Strategies to Defend ICSs and the time seems ripe to consider the state of control system cyber security.
As we in the industry well know, the past 16 years have marked nearly 2000 publicly disclosed vulnerabilities and intrusions of varying degrees of severity to the systems that drive our power and water supplies, production lines and more. The vulnerabilities most threatening to ICS are firewall-indifferent for the most part, afflicting the sensors, programmable logic controllers (PLC) and networks that automate and monitor, for example, climate control, lighting, perimeter security and water flow. (more…)
Most of us won’t lightly brush off news of a hacked nuclear power plant. As was widely reported April 27, one such incident involved the Gundremmingen plant in Germany that was found to be infected with malware intended to allow remote access. Even though the viruses seem to have posed no threat to operations of the plant 75 miles from Munich, it’s scary stuff when malware finds its way into a nuclear facility, and onto its industrial control system (ICS). It’s scarier still when the infection surfaces in a system that was a) upgraded and air-gapped, and b) responsible for moving nuclear fuel rods. (more…)
Like many in the business of cyber security for industrial control systems (ICS), I’ve been closely following this winter’s cruel and expertly executed hack in Ukraine that left more than 200,000 people in the cold and dark two days before Christmas. The first confirmed cyber-attack to shut down a power grid, the Ukraine assault demonstrated that a motivated enemy can, and will, break through standard cyber-defenses to further an agenda in ways that are not soon forgotten.
SecDef Asked to Add ICS Security to Monthly Cyber Scorecard
Stating that weaknesses in industrial control system (ICS) security “will have serious consequences on our ability to execute assigned missions if not addressed,” the letter I recently received was addressed to Defense Secretary Ash Carter. In it, two Navy admirals asked the Secretary to require improved control-system security by adding it as a priority in the cyber scorecard. (more…)