New Partnership Aims to Develop a Solution to Combat National Cybersecurity Threats

Yesterday we announced a Joint Development Agreement (JDA) with Logos Technologies and Global Velocity to develop a solution set to protect U.S. national infrastructure from potential cyber-attacks.

Supervisory control and data acquisition (SCADA) systems remotely monitor and control industrial processes at nuclear plants, sewage treatment facilities and other critical sites. However, most SCADA systems were designed before the emergence of network threats, leaving this infrastructure most vulnerable to intrusion.

Our SCADA systems are no longer simple structures with simple components.
…

Did you know that an off-site provider can perform many of the activities required to keep your control systems healthy?

With the convergence of information technology and operational technology (IT and OT), off-site providers can execute more and more control system tasks remotely. Reduction of onsite costs and the ability to focus resources on production has led many manufacturers to take advantage of remote management. It also makes for smart strategic planning: over the next four years, up to 40% of the automation workforce will be retiring. What does this mean?
…

As a follow up to last week’s discussion on  five industrial control system cyber security mistakes, I want to talk about a cyber security exercise I participated in at the ICS Cyber security (301) Training I attended recently. The five-day event featured hands-on training in cyber security and the week concluded with a red team / blue team exercise that took place within an actual control system environment.

The 12-hour exercise had participants either attacking (red team) or defending (blue team). My team, the blue team, was assigned a three-fold task:

• Provide cyber defenses for a corporate environment
• Maintain operations to a batch mixing plant, and
• Protect an electrical distribution SCADA system.
…

Recently, I attended ICS Cyber Security (301) Training at the U.S. DHS CERT facility in Idaho Falls, Id. The five-day event featured hands-on training in discovering who and what is on the network, identifying vulnerabilities, learning how those vulnerabilities may be exploited, and learning defensive and mitigation strategies for ICSs (industrial control systems). Here are five key takeaways from that training.

1. Spear phishing attacks

Do you know how most computer networks are compromised? By employees that can’t resist an email with a subject line: “Click here to get free gas for a year.” Literally, that is the subject line.
…

As control engineers, we often get tunnel vision. We get very focused on a single task such as creating our control module configuration and lose sight of the bigger picture – creating a control system. While working on my bachelor’s degree, I worked as an instrument designer for big A&E firms that built power generation stations. My job was to specify instrumentation and control elements for these projects, design control panels, create loop sheets for the hookup of the electronic instruments, and installation details for the sensing side – or in the case of pneumatic instruments – the pneumatic tubing.
…