Why Offshore Networks Need Deep Packet Inspection

 

The Offshore Technology Conference (OTC) is on in full force right now and Belden’s booth (7236) has been busy. Liaising with our booth staff, I have heard that safety and security are hot topics with attendees this year. Well, here is a topic they should know about: why offshore networks need SCADA security with Deep Packet Inspection (DPI).

Let me give you some context. The critical systems managing production and safety on offshore platforms are largely based on legacy SCADA and Industrial Control System (ICS) products and protocols. Many of these products are decades old and were never designed with security in mind. Yet nowadays they are connected to other systems using Ethernet and TCP/IP. That has been great for efficiency, but it exposes mission-critical production systems to malware.

Securing SCADA Systems: Consider Compensating Controls for More Reliable Operation

Editor’s Note: This article was contributed by Thomas Nuth, product marketing manager.

Three years ago, the concept of industrial cyber security became a popular discussion topic within the industrial networking community. Now the discussion has risen to the level of heads of state within the international community. The Executive Order – Improving Critical Infrastructure Cybersecurity signed by President Obama in February of this year is just one indication of the importance being attached to this issue.

What’s also interesting is the change in focus of this discussion topic. The key question has changed from an interested “Why do we need to secure our industrial network?” to a frantic “How do we do it?”

Obama’s Executive Order on Cybersecurity: A Sign of the Times? (Image credit: Mashable)

Why Patching for SCADA and ICS Security is a Broken Model

As regular readers of this blog know, after Stuxnet, security researchers and hackers on the prowl for new targets to exploit shifted their efforts to critical industrial infrastructure.

Unfortunately, the Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) applications they are now focusing on are sitting ducks.

Up until recently, SCADA and ICS systems have been designed with reliability and safety in mind; security has been a minor consideration. Products that have never faced security tests are now under attack from sophisticated vulnerability discovery tools, and major control system security flaws are being continuously exposed.


“Rip and Replace” is Not How SCADA Security will Improve

As a reader of this blog you likely don’t need to be convinced that SCADA and ICS security need to be greatly improved. There are several ways to go about accomplishing that, and I am glad that there is a healthy dialogue underway on this topic within the industrial security community. This includes the back and forth between me and Dale Peterson of Digital Bond, which continues with this article.

When I attended Digital Bond’s S4 Conference earlier this month I heard Dale talking about “SCADA apologists”; however, I didn’t think he was referring to me. Then, in a blog article posted yesterday, he says “I’m disappointed that Eric went the SCADA apologist route”.

I am writing today to restate my position on what I believe needs to happen to improve SCADA and ICS security. I will also clarify where our own Tofino Security products fit in.

Results of Digital Bond Testing Showcase Belden’s Security Product Strength

The SCADA Security Scientific Symposium (S4), put on by Digital Bond every year, is an event I look forward to. It brings together the leading researchers and thinkers on ICS security and is always exciting. As I noted after last year’s event, this is the one conference where I am sure to learn new ways of thinking about the future of PLC security. And the food is good too.

This year’s conference is particularly relevant to me because it includes a presentation on the testing of the Tofino Security Appliance by researcher Reid Wightman. Last year’s S4 premiered “Project Basecamp”, which reported on the vulnerabilities found in the SCADA and PLC equipment made by automation vendors. The goal of Dale Peterson, S4’s founder, in publicly presenting vulnerabilities along with exploit code that takes advantage of them, is to incite vendors into improving the security of their products.

On the left, Dale Peterson introduces the session on advanced testing of the Tofino Security Appliance. On the right, Eric Byres responds to questions at the end of the session.

Think your SCADA system is patched? Think Again!

Yesterday afternoon I received a note from another security expert that has left me a bit stunned. Like most of you, I assumed that if you are patching your Windows computers on your SCADA or ICS system (using some variation of Microsoft Windows Update), then any vulnerable services that can be patched will be patched. Well, guess again – you may still have a number of open vulnerabilities that are happily being missed by the Windows update service. And scariest of all, you can’t do much about it.

Industrial Security: New Vulnerability Disclosure Framework A Step Forward

This is an excerpt from the Think Forward blog by Ernie Hayden at verizonbusiness.com 

In a move that may be helpful for critical infrastructure asset owners, on July 23 the Industrial Control Systems Joint Working Group (ICSJWG) published a new document on a framework for disclosing Industrial Control System (ICS) vulnerabilities.

Common Industrial Control System Vulnerability Framework

The Industrial Control Systems Joint Working Group (ICSJWG), which was established by the U.S. Department of Homeland Security Control Systems Security Program, published the document Common Industrial Control System Vulnerability Framework. The document was developed with the intention of providing consensus-based guidance to vendors and system integrators to help them create ICS vulnerability disclosure policies.

SCADA Security: Falling into the Air Gap Trap

This is an excerpt from the Practical SCADA Security blog at Tofino Security.

Last week I discussed how security experts and ICS / SCADA vendors are giving up on the dream of the air gap as a viable security solution for the modern control system. Unfortunately, it is still all too easy to believe your control system is isolated.

Recently I had a very enlightening conversation with a control engineer who thought his system was air gapped.

Are SCADA Air Gap Supporters a Dying Breed?

Last week I updated my air gap blog from 2011. I noted some companies (like Siemens) no longer mention air gaps. Then to keep things balanced, I added new examples of consultants that support the air gap theory. In particular, I selected this quote from Paul Ferguson at Trend Micro:

“I’ve written about SCADA issues in the past, but one issue that I’ve consistently tried to emphasize is that critical control systems should never, ever interact nor interconnect with Internet systems in any way, shape, or form. There’s a good reason for this, and it’s always been referred to as the “Air Gap” Principle.”

#1 ICS and SCADA Security Myth: Protection by Air Gap

This is an updated version of this article, which first appeared on Belden Blogs on March 3, 2012 and on TofinoSecurity.com on June 30, 2011.

Recently I gave a talk focused on air gaps as a security strategy in control systems. The talk was at the AusCERT 2012 conference and to my amazement, it generated a large amount of discussion in the media both inside and outside Australia. Here are a few examples:

While all this interest is very heartening, a number of the people commenting seem to have misunderstood my message. Today I am writing to make my views on air gaps a bit clearer.


Byres presenting “Unicorns and Air Gaps” at AusCERT 2012

Supporters of Air Gaps Do Exist

The theory of the air gap sounds great; by creating a physical gap between the control network and the business network, bad things like hackers and worms can never get into critical control systems. But as you can probably guess from the title of my blog, I don’t believe that true air gaps actually exist in the ICS and SCADA world.

Certainly, there are many people who disagree with me outright. For example, Paul Ferguson, an Internet Security Intelligence blogger at Trend Micro, recently wrote:

“I’ve written about SCADA issues in the past, but one issue that I’ve consistently tried to emphasize is that critical control systems should never, ever interact nor interconnect with Internet systems in any way, shape, or form. There’s a good reason for this, and it’s always been referred to as the “Air Gap” Principle.” 1

Similarly, last year there was a flood of SCADA and ICS vulnerability notices with advice on addressing the issue by using an air gap. One example I gave in the past came from the original Siemens Security Advisory addressing the vulnerabilities in Siemens SIMATIC S7-1200 PLC line:

“In addition, it is important to ensure your automation network is protected from unauthorized access using the strategies suggested in this document or isolate the automation network from all other networks using an air gap.” 2
