Blogs

Aurora, Iran, coincidence?

With the current focus on Stuxnet and Iran, it is easy to forget about Aurora. Certainly most utilities have. There are several important issues with Aurora:1. It does not use the Internet2. It does not use Windows3. Like Stuxnet, it is an engineering attack against a process4. Unlike Stuxnet, we have proof it works

Cyber Threat to Control Systems: Are Companies Expecting Too Much Info?

The industry uses the general term "threat information," but during more detailed discussions, it seems that the information companies seek is more like the traditional military concept of "tactical information."

Still Thinkin' About Cyber Security

One of the fun parts of my job is clicking around on the Internet to see what pops up. This afternoon's finds are these posts on Rick Kaun's "Insecurity" blog at the Matrikon website. The one I had in mind first was the October 5 post, but by the time...

More on Stuxnet and a New SCADA Security Blog

This popped up in my email box this morning. It's a note from Eric Byres at Tofino. Eric is a well-known security expert and a sometime contributor to Control. "With announcement on Tuesday of the Microsoft patch for the Stuxnet vulnerability, we have updated our recommendations for addressing this critical...

Controlling the Off Switch. Who Controls It?

We're about to acquire a significant new cybervulnerability. The world's energy utilities are starting to install hundreds of millions of 'smart meters' which contain a remote off switch. Its main purpose is to ensure that customers who default on their payments can be switched remotely to a prepay tariff

And Another Link to Siemens WinCC/Simatic Virus Info

to a page on the Siemens site containing information on the Trojan that has affected Siemens software. The good news is that so far, apparently only one site has actually been hit. We will provide more updates as they become available.

A Network Security Expert's View of the Siemens Exploit #pauto #siemens #cybersecurity

Just to be clear, this is Walt Boyes here.

We Knew It Was Only a Matter of Time

Coming to work on a Monday and finding an email outlining the report of a major cyber security breach affecting an important supplier and its customers is never a good way to start the week. But that's what happened this morning.

WIB Process Control Domain - Security Requirements for Vendors now posted

This document specifies requirements and gives recommendations for IT security to be fulfilled by vendors of process control and automation systems to be used in Process Control Domains (PCDs).