Researchers, looking at seven years of data, have concluded that Industrial Control Systems are vulnerable to cyber attacks in the near and foreseeable future.Read More >
At the recent Midwest Energy Association Summit, discussion broke out about "negotiating private cellular communications versus dependence on fully public networks" among the ICS/SCADA operators present. Many, apparently, are installing their own femtocell and microcell deployments, despite the costs and regulatory issues around frequency bandwidth and use.Read More >
Speaking at the S4ICS conference in Miami, FL on Wednesday, Ralph Langner described Stuxnet as a long-term Man-in-the-Middle attack rather than a short-term virus attack.
Stuxnet is a two-step malware product that first infects Windows systems, then attacks Siemens System 7 PLC units, such as those being used in Iran for nuclear research. Langner, a security researcher who knows more about Stuxnet code than practically anyone else, was quoted as saying, "we are 100 percent confident that Stuxnet's target was the Natanz enrichment plant in Iran."Read More >
On Monday, a security researcher published new vulnerabilities affecting remote access to the “NOE 771” devices manufactured by Schneider Electrics, one of the world's largest manufacturer of SCADA system devices. The vulnerabilities prompted the ICS-CERT to issue an alert.
Rubén Santamarta (a.k.a. "Reverse Mode"), a 29-year old European-based independent security researcher who previously showed how to hack into the Large Hadron Collider at CERN, said that he was able to attack these devices remotely after first locating vulnerable NOE 771 devices through the SHODAN search engine and then downloading the firmware from Schneider Electric. After reverse engineering the firmware update, Santamarta found he could load a trojanized firmware update, use non-documented hidden accounts, and use other non-documented functionalities. The trouble is in how the devices access remote access commands.Read More >
The state of cybersecurity for industrial control systems is weakening while the push for productivity is at large. As industrial and corporate networks have become united, this has complicated the interconnectedness of their control systems. The result has been the increased vulnerability to security threats, many of which are the same that plague enterprise networks, and many that are new sources that these devices were never designed to handle.Read More >