ICS & SCADA Security

“Stuxnet has demonstrated what experts have long feared – the entry and penetration of embedded computer systems into all areas of industry means that we now all face a potential risk from computer malware.” (Professor Dr Peter Frohlich, Belden EMEA)

Sometimes we overlook the most obvious problem in cybersecurity?.

We first heard of Stuxnet, the first malware to truly effect process automation systems, in July 2010 with a brief twitter from Automation World’s Gary Mintchell which was followed within hours by a more detailed release from Eric Byres of Byres Technology which we published in full as Security risk to the control industry world!

But maybe Stuxnet was not the start. Read, Mysterious ’08 Turkey Pipeline Blast Opened New Cyberwar Era, By Jordan Robertson and Michael Riley in Bloomberg (10/12/2014) and make up your own mind!

tech-packAs the Automation sector and we started to understand more what this involved and indeed the extent and method of the spread of this “infection” we started to compile a list of articles and references to what Byres has called the “little varmint.” Initially these were part of articles which were updated as new resources became known to us but we have decided that perhaps that is not the best way to present them and so we have started this page for more easy access.

Originally we followed only Stuxnet related matters but as things “progressed” we started to include links to other industrial and process related cyber security issues! Thus references to Duqu (Sept 2011) and more recently Flame (May 2012). ICS poster We welcome notification of resources which discuss cyber security in industrial processes. Please send the URLs to us signpost@read-out.net for inclusion in this list! In some of these posts political opinions may be expressed. Read-out has no control over these opinions expressed in these links and does not necessarily share them. Thank you Stuxnet  – the little varmint! – Articles, links and papers

32 Minutes to understand Scada Security

Tofino have  released a five-part video series to help understanding industrial cyber security.

The WIKIpedia entry! (Stuxnet)

The WIKIpedia entry (DUQU)

Eric Chien & Liam Ó Murchú (Symantec) who first realised the significance of Stuxnet

Eric Chien & Liam Ó Murchú (Symentec) who first realised the significance of Stuxnet

See also All About Stuxnet

21 Steps to improve cybersecurity of SCADA systems (The US Office of Electricity Delivery & Energy Reliability)

Cyber Security Study (2013, Control Engineering)

Industrial Control Systems Security (Paper from Pike Research)

Security, Compliance, Change Management (Series of videos from Industrial Defender)

US Computer Emergency Readiness Team (“To assist control systems vendors and asset owners/operators in identifying security vulnerabilities and developing measures to strengthen their security posture and reduce risk through sound mitigation strategies”) The presentation, Introduction to Cyber Security (5/5/2009)  by Jon DiPietro of Domesticating IT in those days before we heard about Stuxnet might be useful too. And Strong Points on Cyber-Security  from Jim Cahill of Emerson Process Experts (25/2/2010) is also a pre-Stuxnet contribution.

Stuxnet Global Discussion

Industrial Control System Cyber Security (ICS-CS) (LinkedIn Discussion Group)

SCADA Vulnerability Trends (Symentec)

Stuxnet Central (Papers, Presentations and Notes compiled by Byres Security)

Cyber Security Solutions – An Invensys initiative The Read-out Signpost also has a Security Page – Cyber Security.

ISA Courses on Cybersecurity!

Year: 2014

Thinking about cyber security (Walt Boyes, Sounding Off, 7/4/2014)

FDA Recognises ISA Cybersecurity Standards for Plant Systems (Flow Control, 26/3/2014)

Cyber Security for Water Systems – No Voodoo Required! (Heather Mac Kenzie, Tofino, 20/3/2014)

Siemens SIMATIC S7-1200 Improper Input Validation Vulnerabilities (ICS CERT, Advisory-ICSA-14-079-01, 20/3/2014)

Cybersecurity – one of the 10 trends impacting the future of ISA (Peggie Koon, ISA Interchange, 13/3/2014)

Latvia Creates Civilian Cyber Defense Unit (ISS Source, 10/3/2014)

The Internet of Things Changes Everything for Security (Hilton Collins, Government Technology. 28/2/2013)

Talk to Me: Elevating Security Awareness (Gregory Hale, ISS Source, 26/2/2014)

Easy-to-use Schneider ConneXium Tofino firewall advances SCADA security (Heather McKenzie, Tofino, 26/2/2014)

Is the Automaton Industry Enabling Cyber-Attacks? (Bill Lydon, Automation.com, 17/2/2014)

The US cybersecurity framework for implementation! (Read-out Signpost, 14/2/2014)

NIST Releases Cybersecurity Framework Version 1.0 (US NIST, ITL, 12/2/2014)

Its the Cyber/Physical Convergence, Stupid (Venkat Pothamsetty, Industrial Defender, ICS Perspectives, 6/2/2014)

Target Hackers Broke in Via HVAC Company (Krebs on Security, 5/2/2014)

Siemens Fixes SIMATIC Vulnerabilities (ISS Source, 5/2/2014)

Systems Design: Overcoming The Cyber-Physical Challenge (David Greenfield, Automation World 5/2/2014)

The Byres/Peterson Live Debate at S4x14 (Video on Tofino Site 31/1/2014)

If This Is Cyberwar, Where Are All the Cyberweapons? (Paul F Roberts, MIT Technology Review, 27/1/2014)

UK critical infrastructure at risk from SCADA security flaw (Alestair Stevenson, V3, 16/1/2014)

Making digital forensics a critical part of your cyber security defenses (Robert M. Lee, Matthew E. Luallen, Control Engineering, 15/1/2014)

New cyber-attack model helps hackers time the next Stuxnet (Akshat Rathi, Phys-Org, 13/1/2014)

Our service was interrupted, not by malware but by lightening in an unprecedented series of storms which hit Ireland in early January 2014 and which put large areas of our district out of telecommunications contact with the outside world. We will endevour to add links to items on this topic which were published in January as we come across them.

Year: 2013 

Cybersecurity cert programme launched by ISA (Read-out Signpost, 19/12/2013)

Jeff Smith’s Practical SCADA Security (Tofino, 17/12/2013)

Industrial Cyber Security Compliance & Enforcement (Bill Lydon, Automation.com, 16/12/2013)

Talking Security at the Amphion Forum 2013 (Alfidi Capital Blog, 16/12/2013)

Infrastructure cyber-security institute launched (Edd Gent, E&T magazine, 13/12/2013)

ENISA just doesn’t get ICS cyber security (Walt Boyes, SoundOff, 11/12/2013)

Siemens Attacks Industry Cyber Threat (Aaron Hand, AutomationWorld, 10/12/2013)

Siemens ICS Flaw Opens Door to Remote Attackers (InfoSecurity Magazine, 10/12/2013)

Top ten cyber security stories of 2013 (Computing.co.uk, 9/12/2013)

Japan and Europe Collaborate on Cyber Security for Critical Infrastructures (ARC Advisory, Control Design, 9/12/2013)

Air gaps not even secure (ISS Source, 4/12/2013)

What Would Nostradamus Have Said About Cyber Security in 2014? (Mark Hatton, Security Week, 3/12/2013)

Linux worm targets ICS (ISS Source 2/12/2013)

Cybersecurity Matters, But How Much? (Matt Migliore, Flow Control, 29/11/2013)

Cybersecurity: Frim art to discipline! (Keith Larson, ControlGlobal, 26/11/2013)

The NIST Cybersecurity Framework – What is it and what does it mean to you? (Ernest Haydon, Tofino, 25/11/2013)

Stuxnet creators defined 21st century warfare (Antone Gonsalves, CSO, 20/11/2013)

Langner’s final Stuxnet analysis comes with surprises (Langner, 20/11/2013)

Stuxnet’s secret twin (Ralph Langner, ForeignPolicy, 19/11/2013)

Stuxnet lives (David Greenfield, Automation World, 19/11/2013)

Firewalls, Signatures, and Blacklists, Oh My! (Darren Highfill, UtiliSec, 18/11/2013)

BP locking down personal devices in the face of cyber warfare (Derek du Preez, ComputerWorld, 12/11/2013)

DNP3 Vulnerabilities Part 2 of 2 – Why DPI Firewalls Might be Industry’s Only Hope (Eric Byres, Tofino, 12/11/2013)

Stuxnet, gone rogue, hit Russian nuke plant, space station (Times of Israel, 11/11/2013)

DNP3 Vulnerabilities Part 1 of 2 – NERC’s Electronic Security Perimeter is Swiss Cheese (Eric Byres, Tofino, 7/11/2013)

HUG: Safety, Security are One (ISS Source, 5/11/2013)

Malware Targets SAP Users (ISS Source, 5/11/2013)

Highlights from the 13th ICS Cyber Security Conference (Control, 23/10/2013)

SCADA: The new security frontier? (Jo Stewart-Rattray, ISACA, 22/10/2013)

A single cyber defense is the weakest form of cyber protection (Eric Byres, ISA Interchange, 21/10/2013)

David Mattes is bringing security to the ‘Internet of Things’ (Geekwire, 17/10/2013)

Cybersecurity strategy and actions (Bill Lydon, InTech, 16/10/2013)

Invensys: Security Awareness on Rise (Gregory Hale, ISS Source, 15/10/2013)

Cyber Threats: Hiding. Targeting Valuable Assets (Beatrice Zvosec, ISA InSights, 11/10/2013)

Cyber security experiment reveals threats to industrial systems (Control Engineering, 4/10/2013)

Cyber security experiment reveals threats to industrial systems (Control Engineering, 4/10/2013)

Belden: Raise the Security Bar (Gregory Hale, ISS Source, 7/10/2013)

Emerson: Pervasive Sensing for Safety (Gregory Hale, ISS Source, 1/10/2010)

NERC CIP Technical Gap – Removable Media (Michael Toeker, Digital Bond, 1/10/2012)

4th #Cybersecurity Framework Workshop: Good News and Bad News (Slava Borilin, Threat Post, 30/9/2013)

Security industry in ‘rut,’ struggling to keep up with cybercriminals (CSO, 30/9/2013)

Trojans Make Up 80% of Malware (ISS Source, 27/9/2013)

U.S. Government Grants More Money to Lock Down Cybersecurity in Energy (Aaron Hand, Automation World 23/9/2013)

Attack Threat Continues to Increase (ISS Source, 20/9/2013)

Enough Clucking – Start Fixing the SCADA Security Problem (Eric Byres, Tofino, 9/9/2013)

Draft cybersecurity framework gets mixed reviews, October deadline looms (CSO, 5/9/2013)

Industrial Cyber Security’s Biggest Challenge (Sid Snitkin, ARC Advisory, 5/9/2013)

A moveable RAT (ISS Source, 4/9/2013)

What a cyber security framework for industrial control systems needs to look like (Langner blog, 4/9/2013)

Insurer sues over breach claims (ISS Source, 3/9/2013)

Your ICS Security Strategy: Learn How and Where to Start (Frank Williams, Tofino, 22/8/2013)

Execs, Staffers Differ on Security (ISS Source, 21/8/2013)

Defeating the Hackers (BBC Horizon, 19/8/2013)
This was on-line for a short time but has apparantly been withdrawn!

Cybersecurity standard defines key technical requirements for industrial control systems (Read-out Signpost, 21/8/2013)

Making machinery and plant more secure (Control Engineering EU, 20/8/2013)

Industrial Control System Security Is Hampered by a Lack of Awareness (Tracey Schelmetic, ThomasNet, 20/8/2013)

Automated Hacking Tools (ISS Source, 16/8/2013)

Taking the lead on the development of the cybersecurity framework (Terrence Ives, ISA Interchange, 8/8/2013)

Who’s really controlling the grid? (Kathleen Wolf Davies, Intelligent Utility, 6/8/2013)

Black Hat: SCADA Out of Control (Gregory Hale, ISS Source 2/8/2013)

Chinese Hacking Team Caught Taking Over Decoy Water Plant (MIT Technology Review, Tom Simonite, 2/8/2013)

Cybersecurity & Your SCADA Network (Jeffery Mayger and Len Robbins, Flow Control, 1/8/2013)

The system is still broken – the failure of a cyber-sensitive substation device affecting a nuclear plant (Joseph M. Weiss, ControlGlobal, 1/8/2013)

Don’t Count on Network Security by Obscurity (Jim Montague, Control Design, 31/7/2013)

Securing Industrial Protocols – It Can Be Done (Heather McKenzie, Tofino, 30/7/2013)

National conversation on the defence of our Nation and Protecting Civil Liberties and Privacy (VIDEO: Gen Keith Alexander, Commander US Cyber Command, Black Hat Conf., Las Vegas, USA, 31/7/2013) – not strictly ICS or SCADA but useful background to be aware of.

Cyber threat to wireless devices 40 miles away (Process Industry Match, 26/7/2013)

The cybersecurity threat – taking it personally (Carol Schafer, ISA Interchange, 24/7/2013)

Cyber Security Challenges Continue (Seán Ottwell, Chemical Processing, 18/7/2013)

SCADA Maker Issues Bug Bounty (ISS Source, 17/7/2013)

An Interesting Systems Look at Cybersecurity (Patrick Coyle, Chemical Facility Security News 16/7/2013)

Cyber Security Spending in Critical Infrastructure to Hit $46 Billion Globally (ABI Research. 16/7/2013)

NIST meeting on cyber standards underscores business, regulatory concerns (Inside Cybersecurity, 15/7/2013)

SCADA Honeypots lure industrial hackers into the open (HITEbsecnews, 10/7/2013)

Protecting water and wastewater facilities from cyberattack (David Mattes, ISA Interchange, 10/7/2003)

The Beltway Bandits and Cybersecurity (Walt Boyes, ControlGlobal, 9/7/2013)

Hackers and cyber-warfare drive strong growth in ICS cyber security market (Sid Snidkin, ARC Advisory 9/7/2013)

Cyber Security Study 2013 (Control Engineering 9/7/2013)

NIST Critical Infrastructure Cyber Security Framework (NISTCSF) Effort Steaming Ahead (Smart Grid Security Blog, 9/7/2013)

13 ways through a firewall: What you don’t know can hurt you (Andrew Ginter, ISA Interchange, 8/7/2013)

Security – the next frontier (Keith Campbell, On the Edge, 27/6/2013)

Securing Offshore O&G Platforms – Advanced Threats need Advanced Firewalls (Heather MacKenzie, Tofino, 27/6/2013)

Attacking a system today is as easy as jumping on to YouTube and watching a video (G. Hale, ISS Source, 26/6/2013)

Six steps to control system cybersecurity (Leo Neitzel, InTech, 26/6/2013)

Cyber Security in the Internet of Things (Christopher J. Rezendes & W. David Stephenson, Harvard Business Review, 21/6/2013)

Cyber security, globalization and IT trends fuelling busy year for control system integrators (Automation Manufacturing, 19/6/2013)

Breach discovery: 10 hours (ISS Source 17/6/2013)

SANS Top 20 Critical Controls for ICS: a practical approach to cybersecurity in OT (Industrial Defender, 14/6/2013)

Rush to Fix Medical Device Bug (ISS Source, 14/6/2013)

Implementing security for industrial automation systems (Part 2) (Ronald Krutz, ISA Interchange, 12/6/2013)

Managing cybersecurity risk (Jim deLoach, NACD, 7/6/2013)

Unicorns & Air Gaps, do they really exist (Video Power Point Presentation by Eric Byres, Tofino Security at Automation Conference 2013, 6/6/2013)

Implementing security for industrial automation systems (Part 1) (Ronald Krutz, ISA Interchange, 5/6/2013)

Secure Industrial Networks with the Right Tools (Heather McKenzie, Tofino, 4/6/2013)

Honeypots Attacked But Not Real ICS? (Chemical Facility Security News, 28/5/2013)

If nobody can win, it’s not a war (Richard Chirgwin, The Register, 27/5/2013)

IT security vendors seen as clueless on industrial control systems (23/5/2013. Antone Gonsalves, CSO onLine)

NIST Analysis of Cyber Security Framework (ISS Source, 22/5/2013)

Cyber Achilles Heal Afflicts Electric Sector (and other) Senior Leaders (Smart Grid Security Blog, 22/5/2013)

Spreading the word about cybersecurity (Amber Corrin, FCW, 15/5/2013)

Security IQ Quiz: How You Scored (Neil Rubinking, Security Watch, 15/5/2013)

Cyber Security Continuous Improvement: Do Something! (Renee R Basset, Automation World, 15/5/2013)

Companies, government unprepared for new wave of cybersabotage (Anton Gansalves, CSO, 14/5/2013)

SCADA More Secure with New Algorithm (ISS Source, 14/5/2013)

Cyberattacks Against U.S. Corporations Are on the Rise (David Sanger & Nicole Perlroth, NY Times, 13/5/2013)

Report: Mobile Devices More Secure (ISS Source, 13/5/2013)

Honeypots Lure Industrial Hackers Into the Open (Tom Simonite, MIT Technology Review, 8/5/2013)

ISA fully engaged in cybersecurity (Bill Lydon, InTech, 7/5/2013)

Researchers Hack Building Control System at Google’s Australian HQ (Kim Zetter, Wired, 6/5/2013)

SCADA and ICS Cyber Security: Facing the Facts (Eric Byres, Tofino, 3/5/2013)

Shamoon mitigation strategies (ISS Source, 1/5/2013)

Cyber Security Tools And Methods For Network Penetration Testing (Peter Welander, Control Engineering, 24/4/2013)

Insights from NIST’s first cybersecurity framework workshop (Nadya Bartol, Intelligent Utility, 23/4/2013)

Security for water utility automation network (Industrial Ethernet Book, 4/2013)

FERC reviews grid cybersecurity protection (UPI, 19/4/2013)

The ANSI/ISA-62443-3-3 Standard – What Does it Mean to Me? (Kevin Staggs, Honeywell, 19/4/2014)

SCADA Cyber Security: An International Issue (Thomas Nuth, Hirschmann, 18/4/2013)

Cybersecurity standards for electric grid seen expanding (Brian Wingfield, Bloomberg, 18/4/2013)


The Adventures of Stuxnet, the Destructor (Wired, 16/4/2013)

Cyber Security: Understanding Spear Phishing And Defense Techniques (Matt Luallen, Control Engineering, 16/4/2013)

Securing SCADA Systems: Why Choose Compensating Controls? (Eric Byres, Tofino, 11/4/2013)

The Data Diode Question (Tom Ahrich, 6/4/2013)

Making Patching Work for SCADA and ICS Security (Eric Byres, Tofino 4/4/2013)

Panel talks cyber security on the grid (Mathew Young, ABB, 28/3/2013)

Change is in the wind for SCADA (Walt Boyes, Control 27/3/2013)

Patching for SCADA and ICS Security: The Good, the Bad and the Ugly (Eric Byres, Tofino, 26/3/2013)

Next-wave malware aims for mayhem, not money (Phil Gardener, IAN in CSO, 23/3/2013)

Schneider, Researcher Disagree on Holes (ISS Source, 21/3/2013)

“Who’s Really Attacking Your ICS Equipment?” (Industrial Defender, Trend Micro, 21/3/2013)

Cyber Security, Critical Infrastructure, and Obama’s Executive Order (Wall Street Journal, CIO Journal, 19/3/2013

Honeypots Show ICS’ Under Attack (ISS Source 18/3/2013)

Thoughts on CFATS Hearing (Chemical Facility Security News, 18/3/2013)

Honeypot for phony waterworks gets hammered on Internet (Ellen Mesmer, Network World, 15/3/2013)

Who’s really attacking your ICS Equipment? (infosecurity, 15/3/2013)

SCADA Security: Welcome to the Patching Treadmill (Eric Byres, 14/3/2013)

Cyber Security – Product or Service? (Jim Pinto, Automation World, 13/3/2013)

Cyber Security Advice From The Field Highlights (Control Engineering, 11/3/2013)

Layer Eight: A wider net for corporate phishing (Industrial Ethernet Book 11/3/2013)

Kaspersky Internet Security 2013 bug can lead to system freeze (Lucian Constantin, Network World, 7/3/2013)

SCADA Security: Phishing Season is Open (Eric Byres, Byres Security, 7/3/2013)

Bound to Fail: Why Cybersecurity Risk Cannot Simply Be Managed Away (ControlGlobal, 7/3/2013)

Confront Control System Challenges (Jacob Kitchel and Michael Piccalo, Chemical Processing, 4/3/2013)

Cyber Security Advice From The Field (Peter Wellandar, Control Engineering, 4/3/2013)


• Infographic (right) by Veracode Application Security

Cyber safety – what happens next? (Control Engineering Europe, 1/3/2013)

Stuxnet, older than we think! (ISS Source, 27/2/2013)

The real story of Stuxnet! (David Kuchner, IEEE Spectrum, 26/2/2013)

Stuxnet Missing Link Found, Resolves Some Mysteries Around the Cyberweapon (Kim Zetter, Wired, 26/2/2013)

‘Trust” risk losses soaring! (ISS Source, 21/3/2013)

Hackers take aim at key U.S. infrastructure (CNN 20/3/2013)

Security Checklist for CEOs (ISS Source 19/2/2013)

SCADA Security: Big Picture Planning is Key (Bob Lockhart, Tofino Blog 18/2/2013)

Working to cut out spear phishing (ISS Source 18/2/2013)

Speak Up NOW on New IF-MAP Specs for ICS and SCADA Security (Eric Byres, Tofino, 7/2/2013)

State of SCADA Security ‘Laughable’, Researchers Say (Dennis Fisher, Threat Post, 3/2/2013)

“Rip and Replace” Approach to SCADA Security is Unrealistic (Eric Byres, Tofino, 30/1/2013)

Cyber Security Spreads (Dave Greenfield, Automation World, 30/1/2013)

In Cyber Security, It’s the Whole Picture That Matters (Bob Lockhart, Pike Research, 28/1/2013)

OT vs. IT; the debate continues. ICS Security improving none-the-less (Kim Legellis, Industrial Defender, 28/1/2013)

SCADA Security Directions 2013 (Eric Byres, Byres Security, 28/1/2013)

Employees put critical infrastructure security at risk (CSO, Matt Hines, 25/1/2013)

Power Plant Off-Line Three Weeks Due to Malware (Gary Mintchell, Automation World, 24/1/2013)

Firewall Passes Tough Testing (ISS Source 16/1/2013)

UPDATE 1-Malicious virus shuttered U.S. power plant -DHS (Reuter’s 16/1/2013)

Energy sector remains the main target of cyber attacks (Molly Ryan, Houston Buisness Journal, 16/1/2013)

The SCADA Patch Problem (Kelly Jackson Higgins, Dark Reading, 15/1/2013)

SCADA Security Zeitgeist 2012 (Heather McKenzie, Tofino, 9/1/2013)

ICS-CERT and Unsupported Control Systems (Chemical Facility Security News, 9/1/2013)

Security Gets Embedded (David Greenfield, Automation World, 8/1/2013)

Post-Stuxnet Industrial Security: How to Detect Industrial Malware on Day Zero (White Paper, Control 8/1/2013)

Downtime: Utility Suffers Virus (ISS Source 2/1/2013)

It’s Global cyber war out there! (Christopher Joye, Financial Review 2/1/2013)

Control System Malware Alert (ISS Source 2/1/2013)

Year 2012

The real story of Stuxnet (David Kushner, IEEE Spectrum, 26/2/2013)

Tofino Security Appliance thwarts cyber attacks (Bill Lydon, Automation.com, Jan’2013)

Your Utility’s Focus for 2013? Cyber Security (The Energy Collective 20/1/2013)

The Current State of Mobile Malware (Symantec 19/12/2012)

New report on Smart Grids cyber security measures; a risk-based approach is key to secure implementation (ENSA 19/12/2012)

Why Is Cybersecurity Still a Problem in SCADA and Control Networks? (ControlGlobal, 18/12/2012)

Another survey says utilities taking cyber security seriously – really? (Joe Weiss, Control 14/12/2012)

2012 SCADA Security Predictions – How Did Eric Byres Do? (Laura Mattson 12/12/2012)

TransAtlantic Cyber Security Summit – Observations (Control 1/12/1012)

Industrial Control Systems Security (Pike Research, Study 30/11/2012)

Proactive detection of security incidents II – Honeypots (Paper: ENISA, 26/11/2012)

Attack Vector: Privileged Access Points (ISS Source 26/11/2012)

“Analysis of 3S CoDeSys Security Vulnerabilities for Industrial Control System Professionals” (White Paper: Byres & Langill, Tofino, 21/11/2012)

Security firm showcases vulnerabilities in SCADA software, won’t report them to vendors (PC World 21/11/2012)

Control System Security: When Will We Wake Up? (Gary Mintchell, 15/11/2012)

Stuxnet Hit 4 Oil Companies (Richard Sale, ISS Source, 15/11/2012)

Address SCADA Security Vulnerabilities NOW, Not Later (plus White Paper) (Eric Byres, Byres Security, 8/11/2012)

SCADA Security Basics: Integrity Trumps Availability (Eric Byres, Byres Security, 6/11/2012)

Security: The Difference Between IT and Industrial Control (Automation World, 1/11/2012)

What’s on your mind? (John Nesi, Intech, 1/11/2012)

SCADA Security Basics: Why Industrial Networks are Different than IT Networks (Tofino, 31/10/2012)

Disavowing Air Gaps (Greg Hale, ISS Source, 30/10/2010)

Talking cyber security: practices, policies, scenarios – Part 2 (Phil Carson, IntelligentUtility 30/10/2012)

Demand Certification? (ISS Source Greg Hale from Yokogawa UG’12 30/10/2012)

12th ICS Cyber Security Conference observations (ControlGlobal, 29/10/2012)

Desperately Seeking Cybersecurity (Keith Larson, Control, 29/10/2012)

Talking cyber security: practices, policies, scenarios – Part 1 (Phil Carson, IntelligentUtility 29/10/2012)

Legal fears muffle warnings on cybersecurity threats (Reuters, 29/10/2012)

Shamoon Malware and SCADA Security – What are the Impacts? (Heather MacKenzie 25/10/2012)

A New Cybersecurity Technique (Chemical Factory Security News, 18/10/2012)

7 MiniFlame Facts: How Much Espionage Malware Lurks? (Mathew J. Schwartz   InformationWeek, 17/10/2012)

SCADA Security: Tofino provides an Alternative to Patching (Byres Security, 17/10/2010)

ICSJWG: Cyber Exercises a Key (Greg Hale, ISS Source, 17/10/2012)

Securing Critical Information Infrastructure: Trusted Computing Base (SecureList, 16/10/2012)

Meet Flame Espionage Malware Cousin: MiniFlame ( Mathew J. Schwartz   InformationWeek 16/10/2012)

Iran behind Shamoon Attack (Richard Sale, IIS Source, 15/8/2012)

miniFlame aka SPE: “Elvis and his friends” (SecureList 15/10/2012)

The Critical SCADA Security Patch that your Control System Isn’t Getting (Eric Byres, 12/10/2012)

Where Do you Draw the Line in Applying Security to Your Systems? (Walt Boyes, ControlGlobal 9/10/2012)

Cyber security and distribution systems (Phil Carson, Intelligentutility, 7/10/2012)

SCADA Security is a Mindset – ISSSource Explains Why at Belden Design Seminar (Greg Hale speaks at Belden Conference 4/10/2010)

Belden: Security Front and Center (Greg Hale, ISSSource, 3/10/2012)

The Security and Compliance Challenges of ICS (Industrial Defender, 3/10/2012)

Shamoon Mitigations Shelter Systems (G Hale, ISS Source 28/9/2012)

Malware attack on RasGAs in the Middle East (ControGlobal, 27/9/2012)

Shamoon Malware and SCADA Security – What are the Impacts? (Heather McKenzie, Tofino, 25/9/2012 updated version 25/10/2012)

Flame siblings  remain undetected (ISS Source, 21/9/2012)

Was the US government involved in Stuxnet? (efeedback in Jim Pinto’s eletter 21/9/2012)

‘Shamoon’ Virus that devastated Saudi Oil Co. likely to have done more damage (Constantine von Hoffman, CIO, 19/9/2012)

Awesome SCADA Security Operations Centre (David Alexander, Regency IT, 19/9/2012)

Inadequate Smart Grid Security Poses Risk To Consumers (Dark Reading 19/9/2012)

US accused of creating three more computer super-viruses (RT 17/9/2012)

Full Analysis of Flame’s Command & Control servers (Securelist, 17/9/2012)

SCADA Security Basics: Why are PLCs so Insecure? (Erik Schweigert, 12/9/2012)

SCADA Security Basics: SCADA vs. ICS Terminology (Eric Byres, 5/9/2012)

Siemens Network Security Issue Revealed (Venkat Pothamsetty, Automation World, 29/8/2012)

Honeywell Leads ICS and SCADA World with ISASecure Certifications (Eric Byres, 29/8/2012)

Most cybersecurity incidents in Europe remain undetected or not reported (Homeland Security News Wire 29/8/2012)

EU-US Open Workshop on Cyber Security of ICS and Smart Grids (ENISA, 28/8/2012)

Smart Grid Cybersecurity: DHS Reports Vulnerability in RuggedCom’s Software (Jeff St John, GreentechGrid, 23/8/2012)

Popular Malware for July (ISS Source 23/8/2012)

SCADA Air Gaps – Technology or Philosophy? (Eric Byres – Clarification, 22/8/2012)

U.S. looks into claims of security flaw in Siemens gear (Jim Finkle, Reuters, 21/8/2012)

Shamoon virus targets energy sector infrastructure (BBC News, 18/8/2012)

Companies Rush to Tailor Products to New Cyber-Attacks (TMC Net, 15/8/2012)

Tool Detects Gauss Font (ISS Source, 15/8/2012)

Industrial Network Security – Evaluating the Risks (Thomas Nuth, Hirschmann, 14/8/2012)

Stuxnet Cousin Can Hit ICSes (ISS Source, 13/8/2012)

Cyber Security Risk to Smart Grids and Intelligent Buildings (Science Daily, 13/8/2012)

Stuxnet Fears: Iran Ministries Air Gap (Greg Hale, ISSSource, 13/8/2012)

Stuxnet/Flame/Gauss and the limits of cyber espionage (William Jackson, GCN, 10/8/2012)

Gauss: Nation-state cyber-surveillance meets banking Trojan (Kaspersky Lab Expert, Securelist, 9/8/2012)

ICS Security and VLANs – Boogeyman or Helper? (Oliver Kleinberg, 9/8/2012)

Stuxnet: The New Face of 21st Century Cyber Warfare Infographic (Neil de Paul, Infographics, 8/8/2012)

ICS, SCADA Myth: Protection by Firewalls (Andrew Gintner. ISSSource, 8/8/2012)

How the Experts Would Fix Cyber Security (Bloomberg Businessweek, 2/8/2012)

SCADA Security: New Vulnerability Disclosure Framework a Step Forward (Ernest Hayden, Verizon, 26/7/2012)

The Time For Cyber Security Legislation is NOW! (ICS Perspectives 26/7/2012)

Black Hat: Air Gap Myth Buster. (Greg Hale ISSSource on Eireann Leverett at 2012 Black Hat Conf, 25/7/2012)

Manufacturer declares death of bugs Stuxnet used to sabotage Iran nukes (Dan Goodin, Ars Technica, 24/7/2012)

Siemens Patches Stuxnet-Like SCADA Bugs (Christopher Brooks, Threat Post, 24/7/2012)

Smarter protection for smart grid (McAfee, Report pdf, 24/7/2012)

Flame, Duqu and Stuxnet: in-depth code analysis of mssecmgr.ocx (Aleksander Matrosov, ESET THreat Blog 20/7/2012)

Video: Cyber Security Students, Class Of 2012 (Peter Welander, Control Engineering, 19/7/2012)

Securing SCADA and Process Systems from Advanced Persistent Threats. (Eric Byres, Oil & Gas Monitor, 19/7/2012)

Hazards of Single Method of Cyber-Security Defense (Emerson Process Experts, 18/7/2012)

SCADA Security: A Call-out to Control Engineers about Air Gaps (Eric Byres, 17/7/2012)

Businesses should ‘air gap’ servers and understand Chinese language (Dan Raywood, SC Business, 17/7/2012)

SCADA Security: Is the Air Gap Debate Over? (Eric Byres, 12/7/2012)

Microsoft-revokes-own-certificates (ISS Source, 12/7/2012)

Companies Rush to Tailor Products to New Cyber-Attacks (Eric Beidal, National Defense, 8/7/2012 – labled August 2012!)

The dark side of mobility (Mathew Luallen, Control Engineering, 6/7/2012)

#1 ICS and SCADA Security Myth: Protection by Air Gap – Update (Eric Byres, 5/7/2012)

Born on the 4th of July: Will There Be Collateral Damage in Cyberwar to U.S.? (Arik Hesseldahl, AllThingsD 4/7/2012)

Flame and Stuxnet – What Should the Strategic Response of a CI Operator Be? (Industrial Defender, 3/7/2012)

Senate Republicans propose revised cyber threat sharing law (Fahmida Rashid, SC Magazine, 3/7/2012)

ICS-CERT: Attacks on rise (Greg Hale, ISS Source, 29/6/2012)

Cyber Secure Device Certification (Nick Shable, ISS Source, 27/6/2012)

Are We Spending Enough or Too Much On Security? (Dale G Peterson, Digital Bond 26/6/2012)

Security Threat Modeling (Greg Hale @ Siemens Summit 26/6/2012)

Birth of CERT (Greg Hale @ Siemens Summit 26/6/2012)

MI5 boss: Cyber spies, web-enabled crooks threaten UK econoomy! (John Leyden, The Register, 26/6/2012)

Cyber attacks on U.S. critical infrastructure will intensify (Heather McKenzie, Tofino, 26/6/2012)

Stuxnet cyberweapon set to stop operating (Mark Clayton, Christian Science Monitor, 23/6/2012)

Iran: ‘Massive Cyber Attack’ Detected (ISS Source, 22/6/2012)

Iran says detected “massive cyber attack:”  (Reuters 21/6/2012)

Cyber Wars put Companies at Risk (ISS Source 21/6/2012)

Securing SCADA systems from APTs like Flame and Stuxnet – Part 2 (Eric Byres, Byres Security,  19/6/20120

The dangers of NOT passing cybersecurity legislation in 2012 (Brian Ahern, Industrial Defender, 18/6/2012)

Week in review: Link between Flame and Stuxnet discovered, and cracking LinkedIn passwords (HNS, 18/6/2012)

India on Stuxnet Alert (Richard Sale & Gregory Hale, The Shield, 18/6/2012)

How Flame virus has changed everything for online security firms (John Naughton, The Guardian, 17/6/2012)

The Vulnerabilities Market and the Future of Security (Bruce Schneier, Crypto-Gram Newsletter 15/6/2012 – also other items of interest eg


Flame Out: Certificate Management Changed (ISS Source, 15/6/2012)

Honeynet Project tackles USB-carried malware like Flame (Antone Gonsalves, InfoWorld, 15/6/2012)

HUG: Security Plan a Must (Greg Hale, ISSS, 13/6/2012)

Honeywell takes aim at security & safety (Nancy Bartels, Control Global, 13/6/2012)

Flame & Stuxnet – Automation Malware with Common Heritage (Jim Pinto 12/6/2012)

Flame Properties Spark Innovation (IIIS 12/6/2012)

Securing SCADA systems from APTs like Flame and Stuxnet – Part 1 (Eric Byres, 12/6/2012)

Cyber Attack 2.0, the Flame Trojan (Thomas Menze, ARC, 6/6/2012)

Flame: Replication via Windows Update MITM proxy server (Aleks Kasprersky, SecureList, 6/6/2012)

Talk to Me: Stuxnet, Flame a Global Alert (Greg Hale ISS Source 6/6/2012)

Stuxnet warfare – the gloves are off (Eric Byres, 5/6/2012)

A Pandora’s box we will regret opening (Mikko Hypponen, NYT, 5/6/2012)

Why attack when we can’t defend! (Ralph Langner NYT, 4/6/2012)

Industries On—and Off—the Cutting Edge of Cyber Security (David Greenfield, Automation World, 4/6/2012)

Stuxnet, Disgraceful Conduct and the Next Growth Industry (Jeffrey Carr, Digital DAO, 2/6/2012)

Cyberattacks on Iran — Stuxnet and Flame (New York Times 1/6/2012)

The consequences of cyberwar (Walt Boyes, ControlGlobal, 1/6/2012)

Report: Obama ordered Stuxnet to continue after bug caused it to spread wildly (Kim Zetter, Wired, 1/6/2012)

Why antivirus companies like mine failed to catch Flame and Stuxnet (Mikko Hypponen, Wired, 1/6/2012)

Security Advisor Newsletter: Best Practices (Invensys May 2012)

‘Super-powerful’ Flame worm actually boring BLOATWARE (John Leyden, The Register, 31/5/2012)

DHS says no evidence that Flame targets industrial systems, but urges caution (Paul Roberts, Threat Post 31/5/2012)

How to check for Flame! (Jacob Kitchel, IIS Source, 31/5/2012)

Cyber Security: Flame Malware (Invensys Cyber Security Blog 31/5/2012)

Update on Flame (TL Malware Blog, 31/5/2012)

Flame Malware: Boring, Bloated and Yet Still Effective (Dennis Fisher, Threat Post 30/5/2012)

Flame Malware and SCADA Security: What are the Impacts? (Eric Byres 29/5/2012)

Flame: ’20 times larger than Stuxnet!’ (Greg Hale, ISS Source 29/5/2012)

Flame malware heats up the landscape (TL Malware blog, 29/5/2012)

Global wave of Flame cyber attacks called staggering (Nancy Owano Physics.org 28/5/2012)

Flame Espionage Malware Seeks Middle East Data (Mathew Schwartz, Information Week, 28/5/2012)

The Flame: Questions & Answers (Aleks Kaperskey, Securelist 28/5/2012)

Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers (Kim Zetter, Wired 28/5/2012)

What is the best defence against  Stuxnet (ControlGlobal 28/5/2012)

SCADA Security and Fault Tolerance – A Beautiful Pairing! (Oliver Kleineberg, Tofino Security, 23/5/2012)

AusCERT 2012: Security and standards, not “air gaps”, needed to protect SCADA systems (Richard Chirgwan CSO on-line 18/5/2012)

Using ANSI/ISA-99 Standards for SCADA Security  (Eric Byres 16/5/2012 – includes link to White Paper!)

Cyber Security: Common Sense Security For Industrial Engineers (Dan Schaffer, Dan Fenton, Control Engineering 14/5/2012)

Microsoft Adjusts as Duqu Lingers (ISS Source 11/5/2012)

Why SCADA Firewalls Need to be Stateful – Part 3 of 3 (Joel Langil 9/5/2011 – Part 1 11th Apl and Part 2 25th Apl below)

ICSJWG: Users Must Demand Security (Greg Hale ISS Source 9/5/2012 More interesting security stuff from ISS Source if you

search for ICSJWG on the site!)

Automation Applied: Virus Prevention Using Deep Packet Inspection Part 1 (link) & 2 (Eric Byres Video Presentations from Automation World 7/5/2012)

About That Safety and Security Stuff (Walt Boyes, ControGlobal 4/5/2012)

Technology Roadmap: Deep Packet Inspection for SCADA and Process Controls (Automation World – includes short tutorial on Deep Packet Inspection from Eric Byres: 4/5/2012)

Securing Control Systems with System Integrators (Frank Williams, Byres Security 3/5/2012)

A New Cyber Security Model for SCADA (Eric Knapp, Security Week 1/5/2012)

Cyber Security Lesson’s from Iran: The Sequel (ICS Perspectives 26/4/2012)

Why SCADA Firewalls Need to be Stateful – Part 2 of 3 (Joel Langil, 25/4/2012)

ICS Alert: Utilities Targeted (ICSS 23/4/2012)

Unprotected Control Systems Are Easy Pickings  (#ABBAPWorld 23/4/2012)

Iran Says Virus Has Hit Oil Sector (Benoit Faucon & Farnaz Fassihi, Wall Street Journal 23/4/2012)

Control System Security Center Against Cyber-Attacks Established in Japan (Shinichiro Ka, ARC 20/4/2012)

Stuxnet & Duqu, update on cyber weapons usage (Security Affairs 19/4/2012)

Effective Security Requires Involved Leadership (Ernest Hayden VeriZon 18/4/2012 – on Tofino Blog)

New Stuxnet Waiting for Green Light  (Richard Sale, ISSSource, 18/4/2012)

Practical Defense:  Protecting Your Production From Cyber Crime EGuide  (Control Engineering 13/4/2012)

The Future of Project Basecamp (Dale Peterson, Digital Bond 12/4/2012)

Stuxnet Loaded by Iran Double Agents (Richard Sale ISSource 11/4/2012)

Why SCADA Firewalls Need to be Stateful – Part 1 of 3 (Joel Langill, 11/4/2012)

Rise of “forever day” bugs in industrial systems threatens critical infrastructure (Dan Goodin, Ars Technica 10/4/2012)

Project Basecamp: News from Camp 4 (Reid Weightman DigitalBond 5/4/2012)

SCADA Security and Deep Packet Inspection – Part 2 of 2 (Eric Byres 4/4/2012)

Weighing in on the Effect of Stuxnet (Kin Legelis Industrial Defender 3/4/2012)

The Stuxnet Effect on Cyber Security (Automation World 31/3/2012)

Cyber Warning: Duqu’s back! (ISS Source 30/3/2012)

SCADA Security & Deep Packet Inspection – Part 1 of 2 (Eric Byres 29/3/2012)

Talk to me! Bonus of Security (Gregory Hale ISS Source 28/3/2012)

Industry leaders convene in Dubai to address unprecedented levels of cyber crime across the Nation (eco Seed 28/3/2012)

Remaining vigilant to cyber attack (Prof Peter Froehlich, Control Engineering E 27/3/2012)

Cybersecurity Bill: Vital Need Or Just More Rules? (Tom Gjelten NPR 22/3/2012)

Get Ready for Next Stuxnet (Nick Sheble IIS Source 21/3/2012)

Duqu Report: Code is Old School (ISS Source 21/3/2012)

Duqu still at work (Greg Hale ISS Source 21/3/2012)

Defense in Depth Part 2: Layering Multiple Defenses (Eric Byres 21/3/2012)

Black Hat Europe Survey: 75% of IT Security Pros Believe We’ll See a Significant SCADA Breach in 2012 (EON 20/3/2012)

Integrating Security, Compliance, Change (Manufacturing.Net 20/3/2012)

Irishman who deciphred the cyber-virus attack on Iran (Lara Marlow Irish Times 17/3/2012)

Air gaps wont stop Stuxnet’s children (Eric Byres 14/3/2012)

Stuxnet, The Nation’s Power Grid, And The Law Of Unintended Consequences (Brian Royern Dark Reading 12/3/.2012)

Duqu Language Vexes Researchers (ISS Source 9/3/2012)

Duqu aka Stuxnet 2.0 Trojan has unkown programming language!! Kaspersky asks help of programmers (Indian Dragon 9/3/2012)

SCADA Security: Justifying the Investment (Frank Williams 7/3/2012)

Stuxnet and Espionage Segment on 60 Minutes (Doug Brock, Factory Automation Blog, 7/3/2012)

PLCs, Malicious Software, and Cyber Warfare (Miles Budimir, Engineering Exchange 6/3/2012)

The Top 5 SCADA Security Threats for 2012 (Synergist SCADA 3/3/2012)

Security to Industry: Time to Wake Up! (ISS Source 29/2/2012)

Defense in Depth is Key to SCADA Security  Part 1 (Eric Byres 28/2/2012)

How Secure Is That Mobile Device? (Control Engineering 21/2/2012)

Industrial network security (Jim Pinto 20/2/2012)

Your plan for better cyber security! (Read-out Signpost 17/2/2012 – paper 7 Steps)

Norman announces new SCADA security system to protect against Stuxnet-type threats (eChanellLine 17/2/2012)

DoD Readies for Stuxnet-like Attack(Richard Sale ISS Source 13/2/2012)

Network Security Begins With Password Control and Firewall Maintenance (Jim Montague, Control Design 9/2/2012)

Factory of the Future meets Stuxnet’s Children: Egad! (Eric Byres, 8/2/2012)

Uninterruptible power supplies and cybersecurity (Michael A Stout, InTech Jan/Feb 2012)

Is Stuxnet dead? (Amy Richradson, Flow Control, 1/2/2012)

Time for a Revolution (Eric Byres; Blog 20/1/2012)

Cyber security vulnerability assessment(Matt Luallen Control Engineering 9/1/2012 – not strictly stuxnet but of interest!)

Stuxnet, Duqu tip of the iceberg; more attacks on tap (Willaim Jackson GCN 5/1/2012)

Stuxnet, Duqu Link Grows Stronger (Greg Hale ISS Source 3/1/2012)

Year 2011

Security researcher blows whistle on gaping Siemens’ security flaw ‘coverup’(Kevin Fogarty, IT World, 21/12/2011)

Build Better Cyber Security (Rick Kaun, Sustainable Plant 19/12/2011)

Stuxnet to Duqu: The wait begins! (Greg Hale, ISS Source 14/12/2011)

Stuxnet a ‘perfect match’ to Iran nuclear facility, photo reveals (Darren Pauli SC Magazine 9/12/2011)

Stoppng Stuxnet attacks (Nick Shable, ISS Source 8/12/2011)

Proactive detection of network security incidents, report (ENISA, 7/12/2011)

Attackers Clean Out Duqu Servers (ISS Source 5/12/2011)

Stuxnet Strike on U.S. Utility Signals Disturbing Trend (Mark Long, Newsfactor 21/11/2011)

Duqu from ‘Well-Funded Coders’ (ISS Source 14/11/2011)

Duqu creators apparently have a thing for Dexter (Daniel McCall, The Inquisitor 12/11/2011)

Duqu and Rumors of War (Richard Sale ISS Source 10/11/2011)

Duqu: father, son, or unholy ghost of Stuxnet? part 2 (Jeremy Sparks, Robert M. Lee, and Paul Brandau SC magazine 9/11/2011)

Son of Stuxnet could usher in a new chapter in cyber warfare (William Jackson GCN 4/11/2011)

Duqu: father, son, or unholy ghost of Stuxnet? Part 1 (Jeremy Sparks, Robert M. Lee, and Paul Brandau SC magazine 2/11/2011)

Stuxnet Raises ‘Blowback’ Risk In Cyberwar (Tom Gjelten NPR 2/11/2011)

Win32/Duqu: It’s A Date (David Harley, ESET Threat Blog 26/10/2011)

Looking for Duqu’s Real Target (ISS Source 26/10/2011)

Duqu Riles ICS Security Pros (Nancy Bartels, Control Global 21/10/2011)

The Precursor to the Next Stuxnet (Sound Off 21/10/2011)

Stuxnet creators suspected to be behind new Duqu virus (Daniel McCall, The Inquisitor 19/10/2011)

A New and Frightening Stuxnet (Richard Sale The Shield 18/10/2011)

New Malicious Program by Creators of Stuxnet Is Suspected (John Markoff NYT 18/10/2011)

New Stuxnet Variants Are Found in Europe (David Strom ReadWrite Hack 18/10/2011)

Researchers: ‘Precursor’ To Son Of Stuxnet Spotted In The Wild (Kelly Jackson Higgins Dark Reading  18/10/2011)

After Stuxnet, a rush to find bugs in industrial systems (By Robert McMillan – IDG News Service – InfoWorld 14/10/2011)

Stuxnet: A Chief Executive Plan (Richard Sale IIS Source 5/10/2011)

Security Infrastructure Threat Growing(ISS Source 30/9/2011)

Idaho laboratory analyzed Stuxnet computer virus (Tabassum Zakaria, Reuters 29/9/2011)

Cyber security threats – Actions to take  (Part 2 Interview with Eric Byres by Bill Lydon in Automation.com rcd here 28/9/2011 – see below 6/9/2011 for part 1)

Russia blames US & Israel for Stuxnet worm (John Dunn, Techworld, 26/9/2011)

From the man who discovered Stuxnet, dire warnings one year later (Mark Clayton, Christian Science Monitor, 23/6/2011)

Iran Creating Counter to Stuxnet (Richard Sale and Gregory Hale, The Shield – ISS Source 13/9/2011)

Authentication – security for Industrial Ethernet infrastructure (The Industrial Ethernet Book recd 13/9/2011)

New defences after Stuxnet (9/9/2011  Automation)

Cyber Security Threats: Expert Interview with Eric Byres, Part 1 (Bill Lydon Automation.Com recd 6/9/2011)

Major acquisition strengthens war on Stuxnet and other malware (Read-out: Byres acquisition by Byres 1/9/2011

What is Stuxnet? More information on this Malware including a link to a white paper:How Stuxnet Spreads – A Study of Infection Paths in Best Practice Systems!(Control 28/8/2011)

This is war and your SCADA is the target!(SA Instrumentation & Control August 2011)

Getting Started on ICS and SCADA Security (Part 2 of 2) (Eric Byres 17/8/2011 see Part 1 – 10 Aug – below)

Nothing Changed: Black Hat’s Impact on ICS Security (Dale Peterson Digital Bond 17/8/2011)

Stuxnet Overview – Understanding What It is, What Has Happened and the Solutions Available (Control Global 16/8/2011 – this is mostly a link to this page – thanks!)

SCADA Security’s Air Gap Fairy Tale (Eric Byres Automation.com Aug 2011)

How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History (Kim Zetter Wired 15/9/2011)

Siemens PLC Analysis report (Greg Hale ISS Source 11/8/2011)

Getting started on ICS & SCADA security – part 1 (Eric Byres 10/8/2011)

A fresh approach to data management and transfer (Chris Evans Control Engineering EME 9/8/2011)

A powerplant hack that anybody could use (PC World 5/8/2011)

Siemens PLC Security Vulnerabilities – It Just Gets Worse (Eric Byres, Tofino 4/8/2011) Beresford @ Black Hat,

Part I: Details;

Part II Guru’s, Politics and ICS Response (Digital Bond 4/8/2011)

Iran still reeling (IIS Source 3/8/2011)

Hard-Coded Password and Other Security Holes Found in Siemens Control Systems (Wired 3/8/2011)

Feds fear new Stuxnet threats (ISS Source 2/8/2011)

Summer & Stuxnet (ControlGlobal 2/8/2011)

Really, really really cyber secure (Walt Boyes Control Global 1/8/2011)

More Possible Siemens Vulnerabilities (ISS Source 25/7/2011)

Eachtra ainailíse (Aonghus ó hAlmhain’s Blog 21/7/2011)

A time bomb with fourteen bytes (Ralph Langner 21/7/2011)

Stuxnet returns to bedevil Iran’s Nuclear Systems (DEBKAfile 20/7/2011)

How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History (Kim Zetter: Wired 11/7/2011)

A malware anniversary to remember (Liam ó Murchú Symantec 11/7/2011)

Automation summit! Missing the security boat (Our report on Siemens Summit 7/7/2011)

How Stuxnet Spreads (Jon DiPietro; ISA Exchange 5/6/2011)

“Son-of-Stuxnet” – Coming Soon to a SCADA or PLC System Near You(Eric Byres, Tofino 31/5/2011)

Stuxnet and the Paradigm Shift in Cyber Warfare (R.M.Lee ControlGlobal 17/5/2011)

Why “stuxnet” has changed the security landscape (Chris Evans, Process & Control Today 27/4/2011)

Cracking Stuxnet, a 21st-century cyber weapon (VIdeo: Ralph Lagner, TED, March 2011)

Stuxnet is an interesting and worrisome attack for several reasons (Eric D. Knapp Security Park 23/3/2011)

More SCADA Vulnerabilities Found (Greg Hale ISS Source 23/3/2011)

Fukushima Dai-ichi status and potential outcomes (Euan Mearns, The Oil Drum 17/3/2011)

Stuxnet report IV: Worm slithers in! (ISS Source 16/3/2011)

Post-Stuxnet industrial security (ControEngineering EME 14/3/2011)

Stuxnet Report III: Worm Selects Site (ISS Source 9/3/2011)

ISA99 task force formed! (4/3/2011 Read-out Signpost)

New ISA99 Task Group Targets Cyber Threat Gaps (Automation World 3/3/2011)

Stuxnet Report II: A Worm’s Life (ISS Source 2/3/2011)

Revealing network threats, fears (Byres InTech Jan/Feb 2011)

Stuxnet Report: A System Attack (ISS Source 24/2/2011)

Stuxnet, security and taking charge (Ewald Kok IEB Feb 2011)

How Stuxnet Spreads – A Study of Infection Paths in Best Practice Systems.

(White Paper Byres and others 22/2/2011)

Irish team played key role in deciphering virus at centre of Iran cyber hit(Mary Fitzgerald: Irish Times  19th Feb 2011)

The world of cyber threats (BBC Mary Shiels’ blog 16 Feb 2011)

The lingering effects of Stuxnet! (Video: Control Engineering 11/2/2011)

W32.Stuxnet Dossier (Eric Chien Symantec 4 Feb 2011)

Control network security lessons from Stuxnet! (Richard Piggin, Control Engineering 3/2/2011)

Stuxnet Warfare (Jim Pinto 28th Jan 2011)

The Stuxnet worm and options for remediation (Industrial Wireless Book Jan’11)

The Stuxnet Worm and Iran – The day after! (Gary’s Choices 16/1/2011)

Israeli Test on Worm Called Crucial in Iran Nuclear Delay (NY Times 15/1/2011)

In a post Stuxnet world! (Jim Cahill, Emerson Process Experts 13/1/2011)

How to hijack a controller (Ralph Langner, Control 13/1/2011)

Stuxnet Before the .lnk File Vulnerability (Liam ó Murchú Symantec 13/1/2011)

Insuring Against Stuxnet (ISS Source 7/1/2011 Part II with link to part I)

Industrial Defender Updates Stuxnet Whitepaper (Andrew Ginter 6/1/2011)

Year 2010

Stuxnet Updates (Chemical Facility Security News 27/12/10)

Stuxnet – Cybersecurity Trojan Horse (Joe Weiss InTech December 2010)

Stuxnet — A new weapon for cyber insurgents? (Automation Nation 28/11/2010)

Holy Crap – Stuxnet is even in the Chattanooga Paper (Doug Brock, Factory Automation Blog, 20/11/2010)

TUXNET Scanner: A Forensic Tool (TrendMicro 15/11/2010)

Preventing the spread of the Stuxnet worm in both Siemens and non-Siemens network environments. (Byres Security: White paper 8/11/2010)

A Different Spin On Sleuthing Stuxnet (Kelly Jackson Higgins, DarkReading 5/11/2010)

The Stuxnet Worm: more than 30 people built it! (The Atlantic 4/11/2011) STUXNET : le rappel de quelques faits (ISA-Flash ISA France Bullitin Nov 2010) Byres Security updated white paper

Analysis of the Siemens WinCC / PCS7 Stuxnet Malware for Industrial Control System Professionals. (15/10/2010)

Destructive Trojan Poses as Microsoft Stuxnet Removal Tool in Softpedia (15/10/2010)

Stuxnet Aftermath: Cyber Warfare Already Here and Greg Hales’ “

Safe From Stuxnet? Think Again!” in ISS Source (14/10/2010) ARC Advisory Group

Control Systems are Not Safe – Stuxnet Worm Raises Security Concerns in India (12/10/2010)Paul Roberts in Threat Post: Security Firms Scramble For SCADA Talent After Stuxnet (7/10/2010) Les Hunt from DPA Magazine comments in “

The Worm Turns”(6/10/2010)

Defending against Stuxnet (Wes Iverson Automation World Oct’10) This blog from the American Government Security Blogs, “

Stuxnet and Self-Inflicted Wounds“, and also in Security Dark Reading, “

Stuxnet Attack Exposes Inherent Problems In Power Grid Security“ “

Why the Stuxnet worm is like nothing seen before.” (New Scientist 27 Sept 2010) “

Stuxnet worm hits Iran nuclear plant staff computers“.(BBC 26/9/2010) See article in New York Times, “

Malware Hits Computerized Industrial Equipment” and Nancy Bartel in Control Global “

Worst Fears relaised” (24/9/2010.) More from Eric Byres “

The amazing Mr Stuxnet!” (23rd September 2010) Another in ControlGlobal “

Siemens Updates News on Stuxnet Virus.” (23/9/2010)

Stuxnet – not from a bored schoolboy prankster (Nick Denbow Industrial Automation Insider 21/9/2010)

Was Stuxnet Built to Attack Iran’s Nuclear Program?” (Robert McMillan 21/9/2010)

Stuxnet Update: Defending Against the Next Stuxnet (List of links from Grant Gerke inAutomationWorld 21/09/2011)

Exploring Stuxnet’s PLC Infection Process (Nicolas Falliere in Symantec connect 21/9/2010)

Stuxnet P2P component  also

Stuxnet Print Spooler Zero-Day Vulnerability not a Zero-Day at All? (Liam ó Murchú Symantec 17/9/2010)

‘Stuxnet’ Worm Far More Sophisticated Than Previously Thought. (KrebsonSecurity 15/9/2010)

“Stuxnet” targeted at automation (Andrew Bond IAI 4/8/2010)

Security threat to the control system world! (Our first inkling of what was coming! 19/7/2010)

But there were some who were aware of possible problems such as Bela Lipták: Nuclear Plant Security and Cyber Terrorism (Control, 28/10/2008)

Cyber Security Best Practices through Segmentation and Rapid Disconnect (Jim Cahill, Emerson Process Experts, 24/10/2013)

2 Responses to ICS & SCADA Security

  1. SCADA(Supervisory Control And Data Aquisition) generally refers to Industrial Control System(ICS). a PLC may control the flow of cooling water through part of an industrial process, but the SCADA system may allow operators to change the set points for the flow, and enable alarm conditions, such as loss of flow and high temperature, to be displayed and recorded. The feedback control loop passes through the RTU or PLC, while the SCADA system monitors the overall performance of the loop.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: