Blog Category: Industrial Security

Posted by: Industrial IT Team on November 13, 2013

In last week’s Practical SCADA Security blog, I discussed how the new vulnerabilities discovered in DNP3 SCADA masters are carving big holes in NERC’s concept of the Electronic Security Perimeter (ESP). Dale Peterson started the ball rolling in his blog “Why the Crain/Sistrunk Vulnerabilities are a Big Deal”. Then Darren Highfill posted a blog explaining that the vulnerabilities don’t even require the attacker to climb a fence. DNP3 serial links connect millions of physically insecure pad and pole devices. Accessing just one of those devices opens the door to a system-wide attack. Since there is no way that every one of these devices can be inside the perimeter, the concept of NERC’s ESP is fatally flawed.

Darren is a great asset to the industry, as demonstrated by the careful analysis he has put into how an attacker might find a way into a system via a remote pole. But as I hinted last week, I think that Darren makes a technical error in his blog.


Posted by: Industrial IT Team on November 11, 2013

If you have been following SCADA news in the last month, you might have noticed an avalanche of reports and blogs on new security vulnerabilities in power industry equipment. So far, vulnerability disclosures for 9 products using the DNP3 protocol have been released by the ICS-CERT, with another 21 SCADA product disclosures reportedly on their way. Even the New York Times and Wired Magazine have picked up this story.

Now, more vulnerabilities in SCADA products is hardly news, so why all the fuss?

All 25 vulnerabilities have been discovered by just two researchers, Adam Crain and Chris Sistrunk, using an impressive new security test tool that Adam developed under his AEGIS Project. This introduces a new world of attack possibilities against the power industry.


Posted by: on November 04, 2013

Today I am glad to be writing about a good news story. That story is that Belden’s Eric Byres is being awarded the ISA (International Society of Automation) Excellence in Leadership award for his contributions to the automation industry in the area of industrial security.

ISA President Terrence G. Ives remarked:

“When considering nominations, we look for someone whose vision has fostered a paradigm shift, whose leadership has profoundly impacted the profession, and whose contributions have enhanced social value. This award is a way to express our appreciation for Eric’s outstanding achievements to the industry.”


Posted by: on November 01, 2013

Jeff Smith of American Axle & Manufacturing (AAM) is a guru in the world of industrial Ethernet networking and ICS Security. We were fortunate to have him speak again at the 2013 Belden Industrial Ethernet Infrastructure Design Seminar.

In a previous article I outlined the reasons AAM decided to move to Ethernet/IP communications and how they implemented best practices such as standardized segmented network configurations. Today I am going to write about Jeff’s approach to ICS security. This includes setting clear objectives for priority areas of security and aligning your perspective and your vendors’ perspectives with his “deep thoughts”.


Posted by: on October 09, 2013

The 2013 Belden Industrial Ethernet Infrastructure Design Seminar is on this week with over 200 attendees participating in training sessions and learning from keynote speakers.

The event started off with Belden’s Senior Vice President Steve Biegacki setting the stage by indicating that we are still in the early days of Ethernet adoption for industrial networks.

Belden is facilitating this technology transition by providing training, such as this event, and also by offering the Belden Certified Industrial Network program that guarantees high performing and reliable mission critical networks.

A highlight of the event was a panel of 4 top cyber security analysts who made practical recommendations for improving ICS security, including “The Rule of P”.


Posted by: Brian Oulton on October 02, 2013

Industrial Security IS the hot topic today. No one denies that the threats are out there. Further, management was probably right in deciding to assign the task and ask you to figure it out, come up with a plan and protect the company from… well, they didn’t say.

All the while, you know you’ve got little to no budget and the mandate to keep production running if and when you put your plan into action. After a few conversations, you’re pretty sure that you can’t afford the 3rd party risk assessment from the consultants you talked with, and you’re even more certain you can’t afford the plans they hinted at laying out for you.

But you can’t afford to do nothing! Instead, try this zero cost industrial security risk assessment.


Posted by: Industrial IT Team on September 25, 2013

One of the statements I continue to hear as I talk to executives, managers and engineers is “None of our SCADA or ICS equipment is accessible from the Internet.” This week’s blog contributor, Bob Radvanovsky of www.infracritical.com, explains Project SHINE – his effort to determine if this statement is fact or fiction.

Project SHINE was developed to extract information about the existence of SCADA and ICS devices accessible from the Internet. It sends connection requests to those devices and records the header information from the devices if they respond. And unless they are behind a firewall, most devices will respond, even if it is just to say “go away.”


Posted by: Industrial IT Team on September 11, 2013

In a recent blog article – Chicken, Egg, and Chicken Omelette with Salsa – Dale Peterson of Digitalbond (a SCADA security consulting and research company) is squawking like a rooster. Nothing new, but this time his message is scrambled. He once again referred to me as a SCADA Apologist, though this time he also labeled me the “salsa” that accompanies a chicken omelette. While I responded to his opinion in my January 30 blog post, I’d like to revisit this spicy topic.

I am not a SCADA Apologist. If anything, I consider people like myself and Joel Langill (scadahacker.com) to be SCADA Realists. Clearly Joel and I believe security is important. If we didn’t, we wouldn’t be in this business. And our clients don’t pay us to hear: “Do nothing; it’s the other guy’s fault.”
