Archive for July, 2011

Process control system infection concerns – actual current cases

A number of control system networks in South America are currently being impacted by several different malware infections. In one case, the control systems utilize OPC for interoperability.  The company has configured their systems such that all of th…

Industrial Defender will do all your security for you! #cybersecurity #pauto #automation #mfg

People who run process plants in critical infrastructure industries, such as refining, chemicals, power generation and distribution, water/wastewater, etc. do not want to do expensive things that will force them to hire people with expertise and train …

Update on ACS Conference – actual case histories

Internationally, there are currently three sites with control system network infections, at least one possibly Stuxnet. Two of the three are steel mills, the third a utility plant. I will be having the system integrator working on these cases making a …

Son of Stuxnet – is it here

With Dillon Berensford’s demonstration and now Ralph Langner’s blog (A Time Bomb with 14 Bytes), the discussion of which countr(ies) developed Stuxnet should be moot.  What Ralph and Dillon have demonstrated is that “son of Stuxnet” is here an…

An Open Invitation to the IT Community – Learn the differences between ICS and IT and help secure critical infrastructures

The industrial infrastructures of electric power, water, oil/gas, chemicals, manufacturing and transportation all use very similar industrial control systems (ICSs) to monitor and control the physical more

Control’s July 2011 issue is now online and ready for viewing

Control’s July cover story focuses on "Tribal Knowledge" and how new tools are preserving vital process know-howread more

Terry Childs Case (SF City Network Engineer convicted of hacking) and ICS

I had a an opportunity to hear the San Francisco Assistant District Attorney (ADA) that prosecuted the Terry Childs case, Conrad Del Rosario, present a summary. For those that are unaware, Terry Childs was the lead engineer (not network administrator) …

ExxonMobil gasoline pipeline break – control system questions

On July 1, the ExxonMobil gasoline pipeline in Montana that travels through
Yellowstone National Park suffered a major leak from a broken pipe and
spilled into the Yellowstone River.

A couple of questions more

#byres #pollard #stuxnet #cybersecurity #safetysystems #controldesign #pauto #mfg Think about this one over lunch…

I’m reproducing here an email thread between Control Design’s columnist Jeremy Pollard, Eric Byres of Byres Security and me. It is, shall we say, illuminating. And if this doesn’t scare you into moving quickly to secure your plant networks and control …

Flying “blind” in critical infrastructure?

Chris Blask wrote a very thoughtful blog at Infosec Island.  However, I think he glossed over some things that probably need to be addressed. The first sentence shows some problems right away: “The root problem with SCADA security is that control systems have been built on the concept that devices can be trusted.” As any […]