Blogs

Who Is to Blame for Our Control Systems' Vulnerability?

Do we really need to have open systems and risk the cybersecurity of our control systems and plants, or can we do something to ensure the safety of our industrial networks?

AURORA and Its Effectives on Cybersecurity: Too Early to Pass Final Judgment

Since the original AURORA test bed at Idaho Labs in 2007 much has been said about the merits of the test conducted and many conjectures concerning its validity have been made.  It is important to remember that AURORA is not an isolated case that exists outside the cybersecurity framework.  To...

Malware Attack on RasGAs in the Middle East

Qatar-based liquefied natural gas (LNG) producer RasGas reported in early September that malware shut down part of its computer system. This was the latest cybersecurity attack in the Middle East region after the attack on the computer network of a state owned oil producer in Saudi Arabia.

Building the Next System Capable of Fending Off the Next Stuxnet Attack on Industrial Control Systems

Russian antivirus firm Kaspersky Lab seeks a developer and analyst to create an operating system that could dissuade the next Stuxnet attack on industrial control systems. Currently, Kaspersky Lab wants to hire professionals with experience in programming PCS and Supervisory Control And Data Acquisition (SCADA) systems, implementing industrial networking and...

More on the Illinois Water Attack

Seems SCADA systems (or at least alleged attacks on them) have hit the big time.Wired magazine is running this story on the Illinois Water Attack.See my post over on Unfettered about what's looking more and more like an Attack by the Keystone Cops instead, wh

The Illinois Water Hack Is a Test of the System for Disclosure – Is It Broken?

My blog on the Illinois water hack was directly based on a formal disclosure announcement by the Illinois State Terrorism and Intelligence Center - STIC (Note: My blog did not identify the state involved. That disclosure came from DHS).

Is the WaterISAC Helping the Water Industry? – The Illinois Water Hack Raises Serious Questions

Per the WaterISAC portal, the WaterISAC (Information Sharing and Analysis Center) is a community of water sector professionals who share a common purpose: to protect public health and the environment. The WaterISAC provides email notifications about threats and any incidents demanding immediate attention.

Water System Hack - The System Is Broken

Last week, a disclosure was made about a public water district SCADA system hack. There are a number of very important issues in this disclosure:

The Need for Control System Cyber Forensics

There is a perception that control systems, including field devices, have cyber forensic capabilities similar to those of IT systems. That perception is wrong. A control system generally has a Microsoft front-end human-machine interface (HMI) that should have adequate cyber forensics.

The Precursor to the Next Stuxnet #safety #cybersecurity #stuxnet

Symantec posted on their site the latest information on the next chapter of Stuxnet. The site says that "Duqu" is a new threat whose goal is to gather intelligence in order to conduct a future Stuxnet-like attack.