Industrial Security


  • Mobile SCADA application landscape less secure than in 2015

    January 11, 2018

    The latest research suggests, within just two years, the security situation for SCADA has got worse to the tune of an average increase of 1.6 vulnerabilities per application tested. IOActive and Embedi security researchers looked at the security of mobile SCADA apps back in 2015 and security was not brilliant. They have now repeated that research, ...

  • Triton Malware Targets Industrial Control Systems in Middle East

    December 15, 2017

    Researchers found malware called Triton on the industrial control systems of a company located in the Middle East. Attackers planted Triton, also called Trisis, with the intent of carrying out a “high-impact attack” against an unnamed company with the goal of causing physical damage, researchers said. FireEye’s Mandiant threat research team revealed the existence of the malware ...

  • Why bother cracking PCs? Spot o’ malware on PLCs… Done. Industrial control network pwned

    December 12, 2017

    Security researchers have demonstrated a new technique for hacking air-gapped industrial control system networks, and hope their work will encourage the development of more robust defences for SCADA-based systems. Air-gapped industrial networks are thought to be difficult if not impossible to hack partly because they are isolated from the internet and corporate IT networks. However, in ...

  • IoT devices are an enterprise security time bomb

    November 8, 2017

    The Internet of Things (IoT) is causing serious security concerns for enterprises worldwide with few companies capable of securing them as they are unable to identify devices properly, according to new research. On Wednesday, ForeScout Technologies revealed the results of a new survey into the challenges IoT poses for the enterprise. The survey, conducted by Forrester Consulting, suggests that ...

  • Many Factors Conspire in ICS/SCADA Attacks

    August 11, 2017

    Critical infrastructure operators can’t be blamed for a perpetual case of whiplash. They are mired between hackers targeting internet-facing and air-gapped systems with equal precision, and vendors and management unwilling to properly tackle security for fear of downtime and incompatibility. “The space of ICS/SCADA has not changed much, so you can find devices running old OSes ...

  • Siemens Patches Authentication Bypass Flaw in SiPass Server

    July 14, 2017

    A handful of vulnerabilities in Siemens’ SiPass integrated server have been patched, including one that allows an attacker to bypass authentication on the box. SiPass is the company’s integrated access control server managing physical access in a number of industries and use cases. The product supports card readers and integrates with video surveillance equipment, among other ...

  • Industrial control security practitioners ‘working blind’ to protect their network

    July 14, 2017

    Four out of 10 industrial control security practitioners don’t have proper visibility into their ICS networks. This is according to a new study by the SANS Institute. Based on a poll of ICS practitioners and cybersecurity stakeholders across various verticals, including energy, manufacturing, oil and gas, the report says that 40 percent of defenders are actually ...

  • Intel AMT bug bit Siemens industrial PCs

    July 3, 2017

    You don’t need state-sponsored hackers to crack industrial control systems, just an empty Intel AMT login – something Siemens started patching against last week. The bug in Intel’s Active Management Technology emerged in June. It allowed a user to exploit AMT features with an empty login string, and has been shipping in processors since 2010. In Siemens’s ...

  • Vietnam seeks EU smart city know-how

    July 1, 2017

    Ho Chi Minh City requires Europe’s experience and solutions to create smart cities, a conference heard on June 30. Speaking at the “Cyber security, Internet of Things and Connected Services towards a smart city” conference, organised by the European Chamber of Commerce in Vietnam (EuroCham), Vo Quang Hue, vice chairman of EuroCham, said: “The Smart Cities ...

  • Great need to ‘improve’ the cyber security in industrial control systems

    June 30, 2017

    There is a pressing need to improve cyber security in industrial control system (ICS) environments to avoid future breaches that could impact critical national infrastructure concludes CREST, the not-for-profit accreditation body representing the technical information security industry. This is based on a report, which highlighted a number of challenges and suggests that more technical security testing has ...

  • Siemens Patches Vulnerabilities in SIMATIC CP, XHQ

    June 23, 2017

    Siemens patched two vulnerabilities in products commonly found in industrial control system setups this week. If exploited the flaws could allow an attacker to perform administrative actions or gain read access to sensitive data on affected systems. Siemens patched one issue (.PDF) on Tuesday and the other on Thursday (.PDF) this week. ICS-CERT, the Department of ...

  • Targeting the Energy Sector

    June 19, 2017

    When we think about critical infrastructures, we tend to think about energy. Whether electric power lines or supplies to oil and gas, cut off access to energy, and our worlds go dark. Though you can certainly argue that other industries are just as critical—pharmaceuticals, food supply and others—it is the energy sector that seems to ...

  • Dangerous Malware Discovered that Can Take Down Electric Power Grids

    June 12, 2017

    Last December, a cyber attack on Ukrainian Electric power grid caused the power outage in the northern part of Kiev — the country’s capital — and surrounding areas, causing a blackout for tens of thousands of citizens for an hour and fifteen minutes around midnight. Now, security researchers have discovered the culprit behind those cyber attacks ...

  • Infrastructure Software Vulnerabilities Raise Concern Among Cybersecurity Experts

    June 9, 2017

    Vulnerabilities in software that automates everything from factories to traffic lights has become the nation’s top cybersecurity threat, an agent on the FBI’s Denver Cyber Task Force said Thursday in Colorado Springs. Supervisory control and data acquisition software is used to control — sometimes remotely — many types of devices in the energy, transportation, manufacturing and ...

  • Honeywell Process Solutions to establish cybersecurity center of excellence in Singapore

    June 8, 2017

    Honeywell Process Solutions (HPS; Houston; www.honeywellprocess.com), with the support of the Singapore Economic Development Board (EDB), will  establish a new industrial cybersecurity center of excellence (COE) for Asia Pacific in Singapore. The COE will feature a state-of-the-art cybersecurity research and development lab, an advanced training facility and a security operations center that provides managed security ...

  • Industrial cyber security – Securing Operational Technology 101

    May 26, 2017

    It would be fair to say that cyber security is at the top of most businesses’ list of concerns. The increased emphasis on IT and technology – every company is a technology company today, after all – has made it this way. Technology and data have become so deeply entrenched in many organisations that if it ...

  • Deloitte and Dragos Partner on Industrial Cybersecurity

    May 9, 2017

    The industrial control system cybersecurity space continues to attract new investments, partnerships and companies. To say that the industrial cybersecurity industry has changed dramatically over the past few years would be a major understatement—not only because the changes have been so significant, but because the evolution is still underway. Just in the past few months we’ve ...

  • Factory Robots Are Easy to Hack, Researchers Show

    May 3, 2017

    In perhaps one of the scariest findings in recent months, researchers have discovered that factory robots can easily be hacked. This, of course, could have grave effects on entire industries and pose safety issues. Cybersecurity firm Trend Micro found that numerous factory robots have a weak network security, using simple combinations of username and passwords that ...

  • Almost All Security Professionals Fear an Increase in Attacks on Industrial IoT

    March 14, 2017

    As nice as it is to have a connected world, the security threats brought on by the desire to have every device we own connected to the Internet are great. In fact, a staggering 96% of IT security professionals expect an increase in attacks on industrial Internet of Things. According to a new survey published by ...

  • IIoT Hot Buttons for 2017

    February 6, 2017

    By Jason Andersen, Vice President, Business Line Management, Stratus Technologies In our 35-plus years of providing continuous availability solutions for enterprises, we’ve seen only a handful of technology shifts that you could call “seismic.” The globalisation of eCommerce was a big one that was transformational for mission critical infrastructures. At Stratus, we believe that the next ...