Comments

Great information.

Gold

Love It!!!  Thank you for the information.  Please send &/or give more information in the future!

Very productive.

Silver

Excellent presentation

Iron

Here is an even easier link to download a PowerPoint from:

http://web.tofinosecurity.com/download-the--presentation-SCADA-Security-in-a-Post-Stuxnet-World

Iron

For everyone who wants a PowerPoint, I have one that closely matches this talk. Go to http://www.tofinosecurity.com/professional/scada-and-cip-security-post-stuxnet-world to download.

Iron

Unfortunately it is not illegal to publish vulnerabilities or sell attack code. My understanding is that it isn't likely to change either - it is possible to make specific acts illegal (such as hacking), but restricting the sharing of information runs into Freedom of Speech issues.

Plus the fact that people can just post the tools on a foreign website (e.g. Gleg is in Russia) makes enforcement really tough.

The best way to discourage disgruntled employees from causing harm or criminals from stealing and selling secrets is to make it more trouble to do than it is worth. Bad guys only stopped robbing trains and stage coaches when the difficulty of achieving success exceeded the likelihood of making money. In other words, the RoI in hacking needs to change to make it unprofitable. Right now it is too easy and too profitable.

Iron

Thanks so much, Eric, for a great presentation. 

Blogger

Is it illegal to publish vulnerabilities or sell attack code for profit? Are there changes in the legal system to remedy the situation, to discourage, say, disgruntled employees from causing harm?

Iron

Yes, Eric. One of the problems I've seen is with process control systems. You can't shut down the plant overnight to put in patches.

Blogger

Unfortunately, for many companies, there still is a conflict between engineers and IT departments when it comes to security. This is bad, because it often leaves gaps for the bad guys to slip in.

The main reason for the conflict is the different UNSTATED assumptions between IT and automation. For example, there is often an assumption in IT that a short reboot of a system is not an issue, especially if it happens at midnight. Obviously automation engineers don't agree.

Getting these assumptions in the open and deciding how to address the differences is the key to solving the issues. Good companies (Dow Chemicals comes to mind) have really found a way for that dialog to occur.

Iron

Eric, is there still a conflict between the needs of control engineers and the needs of IT?

Blogger

Hi Vlad

The two crucial terms used in the ISA 62443 2-1 standard are Zones and Conduits. But I am a slow typist, so I can point you to a detailed white paper on the topic at http://web.tofinosecurity.com/download-the-white-paper-using-ansi-/-isa-99-standards-to-improve-control-system-security

It defines most of the key terms. The other place is the actual ISA 62443 2-1 standard. Unfortunately you must purchase that from www.isa.org

Iron

Eric, you mentioned the zones at the critical points in the control system that allow the uncontrolled parameters to settle there.

Does the same technique apply to the database management software run by IT companies?

Iron

Thank you Rob for the archive audio

Iron

The biggest threat right now is likely the disgruntled employee. However, over the next few years, for most companies it will be a mix of organized crime and competitors. For companies with high strategic value (like oil and gas) foreign government agencies are a significant risk. Terrorists are low on the list for me.

Iron

Nrali S -- The archive audio of this presentation should be available now.

Blogger

That's okay, Rob.

Eric, can you please list those crucial terms used, like the ISA 62443 2-1 standard etc., so that I can just google them to get extra info?

Iron

The Radio Show will be available for on-demand listening after the show ends today, so you can hear it then.

Iron

Really fascinating presentation, Eric and Rob. A question: Is there still a conflict between engineers and IT departments when it comes to security?

Iron

Is there a way to get the audio recording?

Iron

Sorry about the acronyms. Any you would really like me to explain? Security or automation acronyms?

Iron

Vlad, this program didn't come with PowerPoint slides.

Blogger

Do you mind uploading the PowerPoint presentation if possible?

Iron

Thank you, Eric.

Iron

By the way, many thanks to Freescale for sponsoring Eric's presentation.

Blogger

You have used a lot of acronyms; can you explain these?

Iron

Who's the biggest threat, Eric? The disgruntled employee? The competitors? Terrorists?

Blogger

Let us know if you have any questions for Eric. He will begin answering questions at the half hour.

Blogger

Greetings everyone! The streaming audio player will appear on this web page when the show starts at the top of the hour today. Note however that some companies block live audio streams. If when the show starts you don't hear any audio, try refreshing your browser. You can hit the F5 key to refresh.

Iron

Hello from Albuquerque, New Mexico

Blogger

The streaming audio player will appear on this web page when the show starts at 12 pm Eastern today. Note however that some companies block live audio streams. If when the show starts you don't hear any audio, try refreshing your browser.

Blogger

Copyright © 2014 UBM Canon, A UBM company, All rights reserved.