We all agree that SCADA and Industrial Control System security needs to improve. However there is a lot of disagreement on what exactly needs to happen to make security for industrial systems easier to deploy and more effective. Last week’s blog exchange between me and Dale Peterson, is just one example of those differences. Now this week I am going to go in a different direction when it comes to improving security.
Something I believe industry urgently needs is better standards for information exchange between security solutions.
It is great to have the latest security technologies like VPNs, anti-virus (AV), firewalls, IDS, etc. on your plant floor. Unfortunately getting them to interact with each other can be like pulling teeth. Read more
This is an excerpt from the Think Forward blog by Ernie Hayden at verizonbusiness.com.
In a move that may be helpful for critical infrastructure asset owners, on July 23 the Industrial Control Systems Joint Working Group (ICSJWG) published a new document on a framework for disclosing Industrial Control System (ICS) vulnerabilities.
Common Industrial Control System Vulnerability Framework
Industrial Control Systems Joint Working Group (ICSJWG), which was established by the U.S. Department of Homeland Security Control Systems Security Program, published the document – Common Industrial Control System Vulnerability Framework. The document was developed with the intention of providing consensus-based guidance to vendors and system integrators in helping them create ICS vulnerability disclosure policies. Read more
Nowadays Stuxnet has become a household term the second anyone talks about cyber security for industrial control systems (ICS). This sophisticated piece of malware first identified in 2010, showed just how powerful an ICS compromise could be in terms of both the impact to manufacturing operations and the possibility of mechanical damage. Was this an isolated attack, unlikely to occur again, or the beginning of a new era in ICS security issues? Read more
Last week I discussed the first steps to take to get started to improve ICS and SCADA Security in your facility. Those steps included:
• Step 1 – Conducting a Security Risk Assessment,
• Step 2 – Learning Industrial Cyber Security Fundamentals, and
• Step 3 – Understanding the Unique Requirements of ICS and SCADA Cyber Security. Read more
The furor over the Siemens vulnerabilities and the fear that Son-of-Stuxnet could be around the corner has raised awareness of the need for cyber security to be taken seriously by the process and critical infrastructure industries.
If you are a process control engineer, an IT professional in a company with an automation division, or a business manager responsible for safety or security, you may be wondering how your organization can get moving on more robust cyber security practices. This is the article to get you started. Read more