With the current focus on Stuxnet and Iran, it is easy to forget about Aurora. Certainly most utilities have. There are several important issues with Aurora:1. It does not use the Internet2. It does not use Windows3. Like Stuxnet, it is an engineering attack against a process4. Unlike Stuxnet, we have proof it works
The industry uses the general term "threat information," but during more detailed discussions, it seems that the information companies seek is more like the traditional military concept of "tactical information."
One of the fun parts of my job is clicking around on the Internet to see what pops up. This afternoon's finds are these posts on Rick Kaun's "Insecurity" blog at the Matrikon website. The one I had in mind first was the October 5 post, but by the time...
This popped up in my email box this morning. It's a note from Eric Byres at Tofino. Eric is a well-known security expert and a sometime contributor to Control. "With announcement on Tuesday of the Microsoft patch for the Stuxnet vulnerability, we have updated our recommendations for addressing this critical...
We're about to acquire a significant new cybervulnerability. The world's energy utilities are starting to install hundreds of millions of 'smart meters' which contain a remote off switch. Its main purpose is to ensure that customers who default on their payments can be switched remotely to a prepay tariff
to a page on the Siemens site containing information on the Trojan that has affected Siemens software. The good news is that so far, apparently only one site has actually been hit. We will provide more updates as they become available.
Just to be clear, this is Walt Boyes here.
FOR IMMEDIATE RELEASE
Coming to work on a Monday and finding an email outlining the report of a major cyber security breach affecting an important supplier and its customers is never a good way to start the week. But that's what happened this morning.
This document specifies requirements and gives recommendations for IT security to be fulfilled by vendors of process control and automation systems to be used in Process Control Domains (PCDs).