[Presentation from SecurityWeek’s 2017 Singapore ICS Cyber Security Conference]
Operations managers need to be 100% certain that their PLCs’ software is shielded from unauthorized modifications, to assure that operational processes go uninterrupted.
This session demonstrates how PLC software can be modified without operators being aware, and outline the potential impact on ongoing ICS processes. An attack demo shows how to simulate an engineering workstation operation to change the firmware of the PLC while keeping the communication with the SCADA system intact.
Various defense methods to protect PLCs against such attacks are presented, including embedded end-point protection mechanisms, proxy application firewalls and periodic configuration validation.
Presenter: Ilan Barda – CEO, Radiflow
Protecting Against Unauthorized PLC Modifications
[Presentation from SecurityWeek's 2017 Singapore ICS Cyber Security Conference] Operations managers need to be 100% certain that their PLCs’ software is shielded from unauthorized modifications, to assure that operational processes go uninterrupted. This session demonstrates how PLC software can be modified without operators being aware, and outline the potential impact on ongoing ICS processes. An attack demo shows how to simulate an engineering workstation operation to change the firmware of the PLC while keeping the communication with the SCADA system intact. Various defense
Thousands of Malware Variants Found on Industrial Systems: Report
(Eduard Kovacs - SecurityWeek) - Kaspersky said it had detected roughly 18,000 malware samples belonging to more than 2,500 families on industrial control systems (ICS) in the first half of 2017. According to the company’s “Threat Landscape for Industrial Automation Systems” report for the first six months of the year, nearly 38 percent of the industrial systems protected globally by its products were targeted during this period. This is 1.6 percent less than in the second half of 2016. Attempts to download
Iranian Hackers Target Industrial Firms
(Eduard Kovacs - SecurityWeek) - A cyber espionage group linked by security researchers to the Iranian government has been observed targeting aerospace and energy organizations in the United States, Saudi Arabia and South Korea. The threat actor, tracked by FireEye as APT33, is believed to have been around since at least 2013. Since mid-2016, the security firm has spotted attacks aimed by this group at the aviation sector, including military and commercial aviation, and energy companies with connections to petrochemical production. Specifically,
Siemens Partners With PAS on Industrial Cybersecurity
(Eduard Kovacs / SecurityWeek) - Engineering giant Siemens and PAS, a company that specializes in cyber security solutions for industrial control systems (ICS), announced on Tuesday a new strategic partnership. The goal of the partnership is to provide organizations the capabilities needed to identify and inventory assets, including distributed and legacy control systems, and provide visibility for detecting cyber threats and unauthorized engineering changes in multi-vendor environments. The solutions offered as a result of the partnership can be ideal for fleet-wide monitoring
Mocana Integrates Embedded Security Software With Industrial Cloud Platforms
Mocana Integrates Embedded Security Software with AWS IoT, Microsoft Azure IoT, and VMware Liota to Protect Devices (SecurityWeek / Kevin Townsend) - Two constants in current cybersecurity are the growing threat from insecure IoT botnets (Mirai, WireX, etcetera), and the continuing security provided by strong encryption. It is part of the mission of one venture capital funded firm to solve the former by use of the latter. Mocana was formed in 2002 as an embedded security software company for military applications. With the help
Russia-linked Hackers Target Control Systems in U.S. Energy Firms: Symantec
(Eduard Kovacs, SecurityWeek) - A group of cyberspies believed to be operating out of Russia has been observed targeting energy facilities in the United States and other countries, and the attackers appear to be increasingly interested in gaining access to the control systems housed by these organizations. The group, known as Dragonfly, Crouching Yeti and Energetic Bear, has been active since at least 2010, but its activities were first detailed by security firms in 2014. Many of the threat actor’s attacks have focused on
Reminder: 2017 ICS Cyber Security Conference USA Call for Speakers Open Through August 15
The official Call for Papers (speakers) for SecurityWeek’s 2017 Industrial Control Systems (ICS) Cyber Security Conference, being held October 23 – 26, 2017 at the InterContinental Buckhead Atlanta, Georgia, USA is open through August 15, 2017. As the original ICS/SCADA cyber security conference, the event is the largest and longest-running cyber security-focused event series for the industrial control systems sector. The conference caters to the energy, water, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations. With a 15-year history, the conference
GCHQ Warns of State-sponsored Hackers Targeting Critical Infrastructure
By Kevin Townsend (SecurityWeek) The U.K. Government Communications Headquarters (GCHQ), Britain's secret eavesdropping agency, warns that 'a number of [UK] Industrial Control System engineering and services organisations are likely to have been compromised' following the discovery of 'connections from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors.' The warning comes from a National Cyber Security Centre (NCSC) memo obtained by Motherboard and confirmed by the BBC. NCSC is part of the UK's primary cyber intelligence agency, GCHQ. From the little information available, it
Bechtel Opens Industrial Cyber Security Lab
Global engineering and construction giant Bechtel has opened a new cyber security lab aimed at protecting industrial equipment and software that control facilities such as power plants, chemical plants, and other large-scale critical infrastructure operations. With the goal of protecting industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems from cyber threats, Bechtel says the lab will leverage its experience designing and implementing National Institute of Standards and Technology Risk Management Framework (NIST-RMF) solutions for its government
Rockwell Automation Partners With Claroty on Industrial Network Security
Rockwell Automation is teaming up with industrial cybersecurity startup Claroty to combine their security products and services into future, combined security offerings. Rockwell, an industrial automation giant with more than 22,000 employees, said that after a competitive review process it selected Claroty for its anomaly-detection software purpose built for industrial network security. Armed with $32 million in funding through Series A and a Series B rounds, Claroty exited stealth mode in September 2016 to announce a security platform designed to provide “extreme