November 01, 2012
For the last several years, security experts have been stressing the vulnerability of industrial control systems. Now, with attacks like Stuxnet proof of the risk, the big question is: How will industry respond?
A sustained attack against the nation's natural gas pipelines, apparently orchestrated by the same malicious party, is proving difficult to quell.
The head of the National Security Agency is warning that Anonymous may be developing capabilities to target the U.S. power grid, but members of the hacktivist collective called such claims nothing more than fear mongering.
A new version of a federal law designed to protect the nation's critical assets is toned-down from previous cyber security proposals, but business and privacy leaders have concerns.
The proposal is helpful, but still doesn't answer the question: who to call when an attack happens.
While a number of entities have a stake in maintaining the cyber security of the U.S. electric grid, no single organization is currently responsible for overseeing protection across all aspects of grid operations.
An Illinois water utility pump failure may have been an accident caused by an employee -- not the work of foreign hackers.
Hackers reportedly breached the systems of a company that makes supervisory control and data acquisition (SCADA) systems, used to manage operations at critical infrastructure facilitates, and stole customer usernames and passwords.
November 09, 2011
Three U.S. Air Force information security experts, independent of their role in the military, studied the Duqu trojan, and you might be surprised by what they found. This is the second article in a two-part series that examines the sophisticated threat that everyone is talking about.
A piece of malware that has drawn comparisons to the notorious Stuxnet worm is using an unknown Windows kernel vulnerability to infect its targets.
When it comes to stopping individuals who want to compromise industrial control systems, the Anonymous group is certainly not Enemy No. 1.
A sibling of one of the most complex and potentially menacing computer worms ever created has impacted roughly five Europe-based manufacturers of industrial control systems, security researchers said Tuesday.
Fresh off the Stuxnet attack, critical infrastructure environments must evolve to meet the growing threat, Pan Kamal, VP of marketing at AlertEnterprise, tells SC Magazine Executive Editor Dan Kaplan.
An Italian analyst said he spent little time finding a new batch of vulnerabilities impacting industrial control systems.
September 01, 2011
Stuxnet demonstrated that even isolated physical networks could be hacked.
Security researcher Dillon Beresford speaks to the press at the Black Hat conference in Las Vegas following his presentation which demonstrated how to hack into Siemens industrial control systems. Beresford specifically uncovered "replay attack" vulnerabilities in programmable logic controllers, or PLCs, which are used in organizations such as power plants to automate processes. He told the media that part of his motivation for the research was to debunk conventional thinking that SCADA attacks require deep pockets. This week, ICS-CERT issued an advisory warning of the bugs in the Berlin-based Siemens products.
August 04, 2011
A Type 1 diabetic said Thursday that hackers can remotely change his insulin pump to levels that could kill him.
August 01, 2011
Mark Fabro has successfully married tech knowledge and C-level chops to help elevate his role -- and awareness around SCADA security -- to the next level.
The way we were is too much like the way we are: There is no way I will ever say there is no way.
June 20, 2011
A four-step industry model can be effective in defending control systems against adversaries.
The sky hasn't fallen, but we can never again write off infrastructure attacks as science fiction.
The assumption that the next Stuxnet will be somehow similar but not the same could be seriously misleading.
A scheduled talk on vulnerabilities in industrial control systems, which operate things like power plants and oil refineries, was shelved Wednesday after the affected vendor was unable to develop a working fix in time.
Software products used to manage critical infrastructure facilities contain a vulnerability that could allow an attacker to take control of affected systems, the ICS-CERT warned.
On the heels of the Stuxnet worm, Iran officials say they have discovered a new piece of malware also designed to sabotage government systems.
A major U.S. energy supplier has found no evidence of breach despite claims by a former employee that he hacked into the company's New Mexico wind turbine facility as revenge for being fired.
April 01, 2011
The cyberattack last summer on Iran's nuclear facilities has upped the ante for decision-makers in charge of critical infrastructure and enterprise networks, reports Greg Masters.
The U.S. government's ICS-CERT has issued alerts for four software products used to control hardware appliances at industrial facilities.
Refuting the recent downplay of cyberwarfare as a threat with well-thought analysis.
Why recent Wired and New York Times' Stuxnet cyberwarfare reporting doesn't shock Cybercrime Corner readers. A quick summary of relevant cyberwar/Stuxnet articles and preventive measures for review.
