Industrial Security
Industrial Ethernet
Data Centers
Broadcast AV
Belden News
Blog Home
Blog Category: Industrial Security

Posted by: on August 24, 2016

Recently we looked at the state of ICS security according to the 2016 SANS survey and commented on how a broader set of tools is becoming available to secure industrial automation systems. Many industrial engineers will likely not be familiar with these new-to-ICS technologies.

However, it’s important to know about the universe of available industrial security solutions. If new solutions are being considered for use, plant staff need to contribute expertise to their selection and deployment so that
mission-critical operations are protected.

Thus, with the goal of informing you about some of the newer industrial security products and approaches now available for manufacturing and process control systems, this article looks at Belden’s partnership with FireEye.

Read More >>


Comments (0) Post a Comment

Blog Category: Industrial Security

Posted by: on August 10, 2016

Do you believe that your control system is in more danger from cyberattacks now than it was a year ago? How does this compare with what other organizations are experiencing? How does your company compare to others in terms of doing security assessments?

If any of these questions are of interest, you will want to study the “SANS 2016 State of ICS Security Survey” report. As I mentioned in a recent article on where to find hard-to-get ICS security data, this is one of the only no-charge sources of ICS security data available.

Last year when I reviewed the 2015 results, I summarized the security controls recommended by SANS. This year I am going to comment on 3 aspects of the report’s findings: security threats and perceptions, security visibility and the convergence of IT and OT. Read on to learn more and to find out where to obtain the report and related resources.

Read More >>


Comments (0) Post a Comment

Blog Category: Industrial Security

Posted by: on July 27, 2016

In 2015, Belden increased its investment in cyber security technology with the acquisition of Tripwire. Up until then, the breadth of our ICS security products included a range of industrially hardened devices that control, direct and filter industrial Ethernet communications.

With Tripwire, our solution set expanded to include identifying assets and evaluating their status with regards to security indicators such as configuration, change activity, hardening guidelines, standards compliance and threat intelligence.

While already a leader in NERC CIP compliance software, Tripwire recently announced enhancements to its Configuration Compliance Manager (CCM) that extend its industrial reach beyond electric utilities. Let’s examine how CCM’s new support for the important ISA IEC 62443 security standard and for Rockwell Automation’s control systems expands the toolkit of ICS security practitioners.

Read More >>


Comments (0) Post a Comment

Blog Category: Industrial Security

Posted by: on July 13, 2016

As 2016 opened, news coverage of the cyberattack that led to the Ukraine power outage was prominent. It was a high-profile example of a cyberattack disrupting a control system, resulting in loss of power for thousands of people.

Whether or not this incident was a hot topic in your operational and management meetings, cyber security is a high priority for most industrial organizations.

The good news is there is an easy way for you to improve your ICS security knowledge and competency. That way is to attend our upcoming Industrial Ethernet Infrastructure (IEI) Design Seminar, being held Oct. 10-13, 2016 in Orlando, Florida.

Read on to find out more about our ICS cyber security training and how you will benefit from it – plus learn some excellent tips for getting approval from your boss to attend it.

Read More >>


Comments (0) Post a Comment

Blog Category: Industrial Security

Posted by: on June 29, 2016

A common best practice in any field is to benchmark performance or results against industry norms. In the case of industrial control systems (ICS), security breach benchmarking is a challenge.

There isn’t a lot of data available and the data sets that are available are not as extensive or as granular as one would like.

Having said that, there is some ICS security breach data available and it is worthwhile to obtain it, review it and reflect on it. This article provides a list of freely available information on the state of industrial security and provides some context for each source.

Read More >>


Comments (2)
Post a Comment

Blog Category: Industrial Security

Posted by: on June 15, 2016

Two things that make ICS cybersecurity different from IT security are the use of industrial-specific protocols like DNP3 and the common usage of endpoints like PLCs, IEDs and RTUs that are 15+ years old. Both of these factors are significant in industries that depend on WAN communication networks, such as power, water/wastewater, transportation plus oil and gas systems.

Recently two SCADA security experts, Erik Schweigert of Belden and Joel Langill of SCADAhacker.com, gave a webinar that described the challenges of securing systems like power grids.

If you want to understand how to secure industrial protocols like DNP3 or the unique challenges of Defense in Depth for OT, I strongly recommend you listen to this webinar. Read on to find out the top 10 things you will learn.

Read More >>


Comments (0) Post a Comment

Blog Category: Industrial Security

Posted by: Oliver Kleineberg on June 01, 2016

An important best practice for industrial security is to implement a Defense in Depth strategy. With this approach, multiple layers of defense are implemented, in contrast to just one defense mechanism, such as a single firewall.

A complementary best practice used as part of a Defense is Depth strategy is Zones and Conduits, as defined in the ISA IEC 62443 standard. This involves segmenting the network into zones of devices with similar security requirements and using conduits to restrict the communication between zones.

Using Zones and Conduits as part of a Defense in Depth strategy is not a new concept. If you look at castle construction for any culture, you will see that layers of security were built into their design to contain attackers and make their movements more difficult.

Industrial firewalls play an important role in implementing both Defense in Depth and Zones and Conduits. Let’s look at some examples of how they do that.

Read More >>


Comments (2)
Post a Comment

Blog Category: Industrial Security

Posted by: Industrial IT Team on May 11, 2016

Energy and electric utility organizations are facing a range of challenges requiring a reevaluation of the cyber security within their industrial control networks, endpoints and controllers.

On the one hand, operators have to face losing access to phone lines, securing transmission substations, meeting pressing NERC CIP audit requirements and worrying about Internet connections to vital systems. On the other hand, they are confronted with evidence that indicates an increase in cyber attacks on energy Industrial Control Systems.

Given this environment and the importance of energy systems as critical infrastructure, Belden has increased its focus on cyber security solutions for the energy sector. This includes our recent announcement of the new Tofino Xenon for Energy product line. Most importantly, this offering includes modules for securing the DNP3 and IEC 60870-5-104 (IEC 104) protocols for electric power and SCADA systems.

If you are involved with cyber security for energy, power or electric utility systems, read on to find out why this new product line is a game changer for protecting critical assets.

Read More >>


Comments (0) Post a Comment

Follow Us

Subscribe
Industrial Security
RSS Feed
Industrial Security
Email Notifications

Search
Industrial Security Blog
All Belden Blogs


Stay Informed