Search results for 'cyber security '

Red and Blue Team Training Brings ICS Cyber Security Weaknesses To Light

Posted by Bruce Billedeaux on April 23, 2013 @ 9:09 am

As a follow up to last week’s discussion on  five industrial control system cyber security mistakes, I want to talk about a cyber security exercise I participated in at the ICS Cyber security (301) Training I attended recently. The five-day event featured hands-on training in cyber security and the week concluded with a red team / blue team exercise that took place within an actual control system environment. The 12-hour exercise had participants either attacking (red team) or defending (blue team). My team, the blue team, was assigned a three-fold task: • Provide cyber defenses for a corporate environment • Maintain operations to a batch mixing plant, and • Protect an electrical distribution SCADA system. Continue ReadingLeave a Comment

VN:F [1.9.22_1171]
Tags:

5 Industrial Control System Cyber Security Mistakes

Posted by Bruce Billedeaux on April 16, 2013 @ 2:33 pm

Recently, I attended ICS Cyber Security (301) Training at the U.S. DHS CERT facility in Idaho Falls, Id. The five-day event featured hands-on training in discovering who and what is on the network, identifying vulnerabilities, learning how those vulnerabilities may be exploited, and learning defensive and mitigation strategies for ICSs (industrial control systems). Here are five key takeaways from that training. ICS Cyber Security 1. Spear phishing attacks Do you know how most computer networks a...

Continue ReadingLeave a Comment

VN:F [1.9.22_1171]
Tags:

Cyber security: Trusting your source for drivers, software tools

Posted by Bruce Billedeaux on June 24, 2014 @ 1:53 pm

Some of the most published cyber security events have been traced back to malicious content embedded on a trusted user's laptop through an e-mail or downloaded document. Is your process control network safe? Its two o’clock in the morning and the control system is down. Production has stopped. An automation technician has just arrived. He is reviewing the system status as we read this post. He finds the issue in a few minutes. He knows the solution, but needs to reload the controller. Unfortunately, he finds that this new laptop does not have the right drivers. He is stuck. He goes to the manufacturer’s website to get the new drivers, but since its 2:00 a.m., the website is “under maintenance.” He feels intense pressure to get the plant up and running. He scours the web for the driver and finally finds it at a “divers.ru” website. A warning pops up in his browser saying th...

Continue ReadingLeave a Comment

VN:F [1.9.22_1171]
Tags:

My Plant is Running Just Fine

Posted by Chad Harper on August 6, 2013 @ 6:43 am

Please don’t talk to me about technologies and work practices that can improve my plant performance. I can’t stand the idea of disrupting my current situation with anything new even if it is better.

fine – adj. – Satisfactory; acceptable “So, how is the plant running?” “Just fine.” With all of the progress we’ve made in technology, process engineering, safety and abnormal situation management, we have little to show for it in the process industries. Where did we go off track and what can we do about it? How do we insist that “satisfactory; acceptable” is not good enough. Engineering workforce Not too long ago, production companies had ...

Continue ReadingLeave a Comment

VN:F [1.9.22_1171]
Tags:

Safeguarding the U.S. SCADA Systems from Hackers

Posted by Paul Galeski on May 2, 2013 @ 12:41 pm

New Partnership Aims to Develop a Solution to Combat National Cybersecurity Threats

 

Yesterday we announced a Joint Development Agreement (JDA) with Logos Technologies and Global Velocity to develop a solution set to protect U.S. national infrastructure from potential cyber-attacks.

mav blogContinue ReadingLeave a Comment

VN:F [1.9.22_1171]
Tags: