Industrial Security

August 4, 2018

A computer virus halted several Taiwan Semiconductor Manufacturing Co.factories Friday night, dealing the company one of its most severe disruptions as it ramps up chipmaking for Apple Inc.’s next iPhones. The sole maker of the iPhone’s main processor said a number of its fabrication tools had been infected, and while it had contained the problem and resumed some ...

July 3, 2018

Industrial players, like power plants, manufacturers or water treatment centres, are embracing IoT at a great pace, but failing to consider security issues, new research has said. A report by Kaspersky Lab has claimed that while these types of organisations turn more towards IoT, they’re not doing enough to protect these investments, which makes them a sitting duck ...

June 18, 2018

BSides Industrial control systems could be exposed not just to remote hackers, but to local attacks and physical manipulation as well. A presentation at last week’s BSides conference by researchers from INSINIA explained how a device planted on a factory floor can identify and list networks, and trigger controllers to stop processes or production lines. Read more… Source: The ...

May 27, 2018

DNV GL has published a ‘recommended practice on cyber security’ for the oil and gas industry, looking at ‘operational technology’ – such as control and automation systems. The recommended practice addresses how oil and gas companies, together with system integrators and vendors, can manage the cyber threat. The recommended practice is the result of a two-year joint ...

May 2, 2018

A severe vulnerability in a widely used industrial control software could have been used to disrupt and shut down power plants and other critical infrastructure. Researchers at security firm Tenable found the flaw in the popular Schneider Electric software, used across the manufacturing and power industries, which if exploited could have allowed a skilled attacker to ...

April 23, 2018

Nearly half of UK manufacturers have been hit by a cyber security incident, according to a report by an industry organisation, which calls for greater government focus on the specific security needs of the sector Some 48% of UK manufacturers admit they have at some time been subject to a cyber security incident, with half of ...

April 4, 2018

After a cyberattack shut down numerous pipeline communication networks this week, experts are stressing the importance of securing third-party systems in supervisory control and data acquisition (SCADA) environments. Over the past two days, various major U.S. pipelines across the country reported data system blackouts after a third-party electronic communication system was attacked. That electronic data interchange ...

April 3, 2018

A cyber attack that hobbled the electronic communication system used by a major U.S. pipeline network has been overcome. Energy Transfer Partners LP was confident that, after 6 p.m. New York time on Monday, files could safely be exchanged through the EDI platform provided by third-party Energy Services Group LLC, the pipeline company said in a notice. ...

February 26, 2018

IT (Information Technology) and OT (Operational Technology) have traditionally had fairly separate roles within an organisation. However, with the emergence of the Industrial Internet and the integration of complex physical machinery with networked sensors and software, the lines between the two teams are blurring. While greater connectivity and integration is beneficial for smart analytics, control and ...

February 17, 2018

On a broiling day last August, managers of a huge petrochemical plant in Saudi Arabia discovered to their horror that it had been attacked. The consequences could have been catastrophic: the invaders had seized command of its computerised control-and-safety system, and had the power to damage it severely. The attackers carried no guns, explosives, or conventional weapons. Yet ...

January 16, 2018

More than four months have passed since a novel, highly sophisticated piece of malware forced an important oil and gas facility in the Middle East to suddenly shut down, but cybersecurity analysts still don’t know who wrote the code. Since last August, multiple teams of researchers in the public and private sectors have been examining what the ...

January 15, 2018

Patches for the Meltdown vulnerability are causing stability issues in industrial control systems. SCADA vendor Wonderware admitted that Redmond’s Meltdown patch made its Historian product wobble. “Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC,” an advisory on Wonderware’s support site explains. Read ...

January 11, 2018

The latest research suggests, within just two years, the security situation for SCADA has got worse to the tune of an average increase of 1.6 vulnerabilities per application tested. IOActive and Embedi security researchers looked at the security of mobile SCADA apps back in 2015 and security was not brilliant. They have now repeated that research, ...

December 15, 2017

Researchers found malware called Triton on the industrial control systems of a company located in the Middle East. Attackers planted Triton, also called Trisis, with the intent of carrying out a “high-impact attack” against an unnamed company with the goal of causing physical damage, researchers said. FireEye’s Mandiant threat research team revealed the existence of the malware ...

December 12, 2017

Security researchers have demonstrated a new technique for hacking air-gapped industrial control system networks, and hope their work will encourage the development of more robust defences for SCADA-based systems. Air-gapped industrial networks are thought to be difficult if not impossible to hack partly because they are isolated from the internet and corporate IT networks. However, in ...

November 8, 2017

The Internet of Things (IoT) is causing serious security concerns for enterprises worldwide with few companies capable of securing them as they are unable to identify devices properly, according to new research. On Wednesday, ForeScout Technologies revealed the results of a new survey into the challenges IoT poses for the enterprise. The survey, conducted by Forrester Consulting, suggests that ...

August 11, 2017

Critical infrastructure operators can’t be blamed for a perpetual case of whiplash. They are mired between hackers targeting internet-facing and air-gapped systems with equal precision, and vendors and management unwilling to properly tackle security for fear of downtime and incompatibility. “The space of ICS/SCADA has not changed much, so you can find devices running old OSes ...

July 14, 2017

A handful of vulnerabilities in Siemens’ SiPass integrated server have been patched, including one that allows an attacker to bypass authentication on the box. SiPass is the company’s integrated access control server managing physical access in a number of industries and use cases. The product supports card readers and integrates with video surveillance equipment, among other ...

July 14, 2017

Four out of 10 industrial control security practitioners don’t have proper visibility into their ICS networks. This is according to a new study by the SANS Institute. Based on a poll of ICS practitioners and cybersecurity stakeholders across various verticals, including energy, manufacturing, oil and gas, the report says that 40 percent of defenders are actually ...

July 3, 2017

You don’t need state-sponsored hackers to crack industrial control systems, just an empty Intel AMT login – something Siemens started patching against last week. The bug in Intel’s Active Management Technology emerged in June. It allowed a user to exploit AMT features with an empty login string, and has been shipping in processors since 2010. In Siemens’s ...