New SCADA Security Standard needs Your Input NOW

We all agree that SCADA and Industrial Control System security needs to improve. However, there is a lot of disagreement on what exactly needs to happen to make security for industrial systems easier to deploy and more effective. Last week’s blog exchange between me and Dale Peterson is just one example of those differences. Now this week I am going to go in a different direction when it comes to improving security.

Something I believe industry urgently needs is better standards for information exchange between security solutions.

It is great to have the latest security technologies like VPNs, anti-virus (AV), firewalls, IDS, etc. on your plant floor. Unfortunately, getting them to interact with each other can be like pulling teeth.

Industrial Security: New Vulnerability Disclosure Framework A Step Forward

This is an excerpt from the Think Forward blog by Ernie Hayden at verizonbusiness.com 

In a move that may be helpful for critical infrastructure asset owners, on July 23 the Industrial Control Systems Joint Working Group (ICSJWG) published a new document on a framework for disclosing Industrial Control System (ICS) vulnerabilities.

Common Industrial Control System Vulnerability Framework

The Industrial Control Systems Joint Working Group (ICSJWG), which was established by the U.S. Department of Homeland Security Control Systems Security Program, published the document – Common Industrial Control System Vulnerability Framework. The document was developed with the intention of providing consensus-based guidance to vendors and system integrators in helping them create ICS vulnerability disclosure policies.

Protecting your ICS from Zero-Day Attacks (plus Video)

Nowadays Stuxnet has become a household term the second anyone talks about cyber security for industrial control systems (ICS). This sophisticated piece of malware, first identified in 2010, showed just how powerful an ICS compromise could be in terms of both the impact to manufacturing operations and the possibility of mechanical damage. Was this an isolated attack, unlikely to occur again, or the beginning of a new era in ICS security issues?

Getting Started on ICS and SCADA Security (Part 2 of 2)

Last week I discussed the first steps to take to improve ICS and SCADA security in your facility. Those steps included:

•    Step 1 – Conducting a Security Risk Assessment,
•    Step 2 – Learning Industrial Cyber Security Fundamentals, and
•    Step 3 – Understanding the Unique Requirements of ICS and SCADA Cyber Security.

Getting Started on ICS and SCADA Security (Part 1 of 2)

The furor over the Siemens vulnerabilities and the fear that Son-of-Stuxnet could be around the corner has raised awareness of the need for cyber security to be taken seriously by the process and critical infrastructure industries.

If you are a process control engineer, an IT professional in a company with an automation division, or a business manager responsible for safety or security, you may be wondering how your organization can get moving on more robust cyber security practices. This is the article to get you started.
