SCADA Cyber Security Problems - Just How Common are the Programming Errors?

The discovery of SCADA-security issues by Luigi Auriemma and Siemens PLC weaknesses by NSSLabs this year is interesting from a software-engineering point of view. Having been active in the development of industrial controllers, embedded devices, PLCs and machines, I have experienced the other end of the cyber security problem - not how vulnerabilities must be stopped, but the ease with how they are created.

The final agenda can be found at www.realtimeacs.com There are several unique hallmarks of the conference:

• Discussions of actual control system cyber impacts
• The significant amount of discussion makes keeping a schedule almost impossible
• Many of the presenters are not recognizable as they are not the typical speakers – these are the control system cyber security experts.

Wednesday September 21

High Points:

The industry uses the general term "threat information," but during more detailed discussions, it seems that the information companies seek is more like the traditional military concept of "tactical information."

Read this article and let us know if you agree.

Oakridge National Laboratory is hosting the above workshop November 8 – 10 at their facilities in Oakridge Tennessee with the intent of focusing on the Future of Instrumentation.

This popped up in my email box this morning. It's a note from Eric Byres at Tofino. Eric is a well-known security expert and a sometime contributor to Control. "With announcement on Tuesday of the Microsoft patch for the Stuxnet vulnerability, we have updated our recommendations for addressing this critical SCADA-focused software worm. Our revised white paper "Siemens PCS7 WinCC Malware" is available for download by all Tofinosecurity.com members now.

Each year the damage to critical infrastructure
from network incidentsand cyber attacks is measured
in the billions of dollars.

Traci Purdum, senior digital editor, talks
to Eric Byres, chief technology officer of Byres
Security Inc., to understand the risks and learn
how to mitigate them.

If you've been paying attention today, you already know that big news here in the Midwest, besides the snow, is the shooting at the ABB plant in St. Louis. The story is still developing, as we say in the press, and it's dangerous to draw any kind of hard-and-fast conclusions about what has happened or why. Instead, what I've been thinking about in the hours since the story broke is the fact that there's another whole kind of plant security that we have to think about. 

In his blog "What do 9/11, the Detroit bomber and ICS Security have in Common," Joe Weiss makes some really good points.

Here we go, the most challenging of all steps is the first one so I will start safe (baby steps concept) by sharing with you the topics I hope to cover in this blog: