Background: In computing, a denial-of-service attack (DoS attack) is an attempt to make a machine or network resource unavailable to its intended users. One common method of attack involves saturating the target machine with communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly...
Last year, an engineer from one of Iran's largest engineering companies (or so we were told) provided an unsolicited paper on Stuxnet and antivirus to Walt Boyes at Control magazine. The article was a good technical article (see earlier blog on this subject last year).
Siemens, still smarting from the targeted nation-state attack called Stuxnet that used Step 7 and PCS7 as vehicles, has gone to great pains to point out that their new controller offering, the S7-1500, has integrated security functions built into the firmware of the controller.
I am honored to have received my official notification of being designated a US expert to IEC TC45/SC 45A/WG9 - Instrumentation and control of nuclear facilities. This is in addition to being a designated US expert to IEC TC 57 WG15 - Power systems management and associated information exchange, and...
The Myth of Rip and Replace in SCADA and Industrial Control Systems #cybersecurity #pauto #SCADA @tofino @digitalbond
Recently, Eugene Kaspersky made headlines about designing an operating system for industrial control systems. It doesn't seem to have gone anywhere, as you might expect.
In the IT environment a denial-of-service is one of the worst case scenarios. In this case, data can no longer move and the system comes to a stop. In the ICS environment, the worst case scenario is loss of control (LOC) and/or loss of view (LOV).
NIST defines a cyber incident to be communications between systems (or people and systems) that affect confidentiality, integrity, or availability. The NIST definition does not require an incident to be malicious to be defined as a cyber incident.
Recently, ICS-CERT disclosed that in October 2012 a computer malware virus invaded a turbine control system at a US power plant when a technician "unknowingly" inserted an infected USB computer drive into the network, keeping the plant off line for three weeks.
Recently, several ICS end users in the Middle East and Asia have been exposed to attacks directly on the control systems through firewalls that have been misconfigured, or not configured correctly, for Modbus and OPC data.
The November/December 2012 issue of ISA's Intech magazine has an article "Selecting temperature measurement and control systems". The article states: "Network connectivity ties everything together. The goal of any DAS (data acquisition system) is to deliver sensor data for reporting and analysis.