Industrial Security
Industrial Ethernet
Data Centers
Broadcast AV
Belden News
Blog Home
Blog Category: Industrial Security

Posted by: Frank Williams on August 20, 2013

Due to a “if it ain’t broke, don’t fix it” mentality, our industry has historically resisted, rather than embraced, emerging technology. Thankfully – and not a moment too soon – experts have started to take advantage of the technologies at their disposal in one key area: security.

As a whole, however, security can be overwhelming. While many managers and engineers know they need to implement some sort of network security measures to protect their operations, they often times don’t know where to begin. And with that uncertainty (or lack of budget), they may not spring into action unless forced.

Read More >>


Comments (0) Post a Comment

Blog Category: Industrial Security

Posted by: on July 31, 2013

Recently there was a thread on SCADASEC news, a restricted access critical infrastructure mailing list, about the challenges of firewalling BACnet networks. If you only work in the industrial automation space, you may not have heard of this protocol, but it is big in building automation. Regardless, the discussion around BACnet applies to many industrial protocols.

The question raised was whether or not BACnet traffic can be managed by a firewall. The problem is that BACnet, like many other automation protocols, doesn’t play by the usual IT rules. In BACnet’s case, it does not use TCP/IP at all, so trying to secure it with a typical IT firewall that looks for TCP port numbers is a lost cause.

Furthermore, the point was raised that if a security device has the ability to secure BACnet, it would be so complicated that an industrial engineer could not manage it. And, if you get the IT “security guru” involved then you create a reliability nightmare. So SCADASEC contributors asked “Can a non-TCP/IP industrial network be realistically secured?”

Read More >>


Comments (0) Post a Comment

Blog Category: Industrial Security

Posted by: Industrial IT Team on May 06, 2013

Our last blog, contributed by Thomas Nuth, highlighted the fact that industrial cyber security is now being discussed by heads of state within the international community - the Executive Order – Improving Critical Infrastructure Cybersecurity signed by President Obama in February of this year being just one indication of the importance being attached to this issue.


Let’s continue the discussion...

Read More >>


Comments (0) Post a Comment

Blog Category: Industrial Security

Posted by: Industrial IT Team on April 19, 2013

Editor's Note: This article was contributed by Thomas Nuth, product marketing manager.

Three years ago, the concept of industrial cyber security became a popular discussion topic within the industrial networking community. Now the discussion has risen to the level of heads of state within the international community. The Executive Order – Improving Critical Infrastructure Cybersecurity signed by President Obama in February of this year is just one indication of the importance being attached to this issue.

What’s also interesting is the change in focus of this discussion topic. The key question has changed from an interested “Why do we need to secure our industrial network?” to a frantic “How do we do it?”

Read More >>


Comments (0) Post a Comment

Blog Category: Industrial Security

Posted by: Industrial IT Team on April 08, 2013

If you have read my previous blogs on patching for control system security, you might think I am completely against patching. Guess what? I’m not against them!

Actually, I think applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. If you never patch, you are leaving your system open to a decade of malware.

What I am against is patching as a knee-jerk reaction to security vulnerabilities. You can’t expect your control system to operate reliably if you don’t have a controlled process for patching.

Read More >>


Comments (4)
Post a Comment

Blog Category: Industrial Security

Posted by: Industrial IT Team on March 28, 2013

In my last blog, I discussed the reasons why critical industrial infrastructure control systems are so vulnerable to attacks from security researchers and hackers, and explained why patching for such systems is not a workable solution.

But let’s now examine the good, the bad and the ugly details of patching as a means to secure SCADA and ICS systems. And to begin, let’s suppose patches could be installed without shutting down the process (for example, through the staged patching of redundant controllers)...

Read More >>


Comments (0) Post a Comment

Blog Category: Industrial Security

Posted by: Industrial IT Team on March 15, 2013

As regular readers of this blog know, after Stuxnet, security researchers and hackers on the prowl for new targets to exploit shifted their efforts to critical industrial infrastructure.

Unfortunately, the Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) applications they are now focusing on are sitting ducks.

Up until recently SCADA and ICS systems have been designed with reliability and safety in mind; security has been a minor consideration. Products that have never faced security tests are now under attack from sophisticated vulnerability discovery tools, and major control system security flaws are being continuously exposed.

Read More >>


Comments (2)
Post a Comment

Blog Category: Industrial Security

Posted by: Industrial IT Team on March 08, 2013

Last week I received am email (shown further down on this page) purporting to be from the US Internal Revenue Service (IRS).

Notice that the US Internal Revenue Service now uses Cyrillic script on its staff email addresses! And they use AOL as an email service, rather than irs.gov. (Is the US budget sequestration really hurting that badly? )

The third fun item is that the link you are supposed to click on (irs.gov/pub/irs-pdf/forms2012/) actually resolves to prospectrealty.net/wp-content/plugins/Bridge-Book-Printer/forms.htm.

(Note to Prospect Realty – you might want to secure your web site a little better.)

Read More >>


Comments (0) Post a Comment

Follow Us

Subscribe
Industrial Security
RSS Feed
Industrial Security
Email Notifications

Search
Industrial Security Blog
All Belden Blogs


Stay Informed