Learn More
Process control and SCADA systems, with their reliance on proprietary networks and hardware, have long been considered immune to the network attacks that have wreaked so much havoc on corporate information systems. Unfortunately, new research indicates this complacency is misplaced – the move to open standards such as Ethernet, TCP/IP and web technologies(More)
Protocol standards, particularly those for critical control systems in the petroleum and power industry, have traditionally been designed to address a specific application with little regard for security. At best, there has been only passing concern for security issues that may arise in deployment; at worst, protocol designers assume a closed (and therefore(More)
I n making the case against complacency about control system security, this report summarises the incident information collected in the Industrial Security Incident Database (ISID). It describes a number of events that have directly affected process control systems indicating that the number of cyber incidents against SCADA and control systems worldwide has(More)
Executive Summary The Stuxnet worm is a sophisticated piece of computer malware designed to sabotage industrial processes controlled by Siemens SIMATIC WinCC and PCS 7 control systems. The worm used both known and previously unknown vulnerabilities to install, infect and propagate, and was powerful enough to evade state-of-the-practice security technologies(More)
The ability to efficiently compare differing security solutions for effectiveness is often considered lacking from a management perspective. To address this we propose a methodology for estimating the mean time-to-compromise (MTTC) of a target device or network as a comparative metric. A topological map of the target system is divided into attack zones,(More)
Over the past few years the world of industrial controls has borrowed substantially from the world of information systems. Technologies such as Ethernet and TCP/IP have made the interfacing of industrial equipment much easier, but there is now significantly less isolation from the outside world. Network security problems from the business network can be(More)
A s part of this special issue on control systems for the energy sector, guest editors Sean Peisert and Jonathan Margulies put together a roundtable discussion on the topic with those who are on the front lines developing products, providing services, and addressing real-world threats and customer requirements. Eric Byres, chief technology oo cer for Too no(More)
    With the evolution of data communications in process control, network problems have taken on new importance to process engineers. The data connections from DCS and PLC systems to the plant network are vital to production, yet can be an invitation to problems. This paper looks at several real-life network disasters and discusses strategies for(More)
Next Generation Firewalls with Deep Packet Inspection (DPI) capabilities are now mainstream products for IT protocols. Unfortunately, designers and operators of industrial control systems (ICS) have not had access to these advanced technologies to protect their critical communications that involved protocols such as EtherNet/IP™. This is a serious problem.(More)
  • 1