Unfortunately it is not illegal to publish vulnerabilities or sell attack code. My understanding is that it isn't likely to change either - it is possible to make specific acts illegal (such as hacking), but restricting the sharing of information runs into Freedom of Speech issues.
Plus the fact that people can just post the tools on a foreign website (e.g. Gleg is in Russia) makes enforcement really tough.
The best way to discourage disgruntled employees from causing harm or criminals from stealing and selling secrets is to make it more trouble to do than it is worth. Bad guys only stopped robbing trains and stage coaches when the difficulty of achieving success exceeded the likelihood of making money. In other words, the RoI in hacking needs to change to make it unprofitable. Right now it is too easy and too profitable.
Unfortunately, for many companies, there still is a conflict between engineers and IT departments when it comes to security. This is bad, because it often leaves gaps for the bad guy to slip in.
The main reason for the conflict is the different UNSTATED assumptions between IT and automation. For example, there is often an assumption in IT that a short reboot of a system is not an issue, especially if it happens at midnight. Obviously automation engineers don't agree.
Getting these assumptions in the open and deciding on how to address the differences is the key to solving the issues. Good companies (Dow Chemicals comes to mind) have really found a way for that dialog to occur.
The two crucial terms used in the ISA 62443 2-1 standard are Zones and Conduits. But I am a slow typist, so I can point you to a detailed white paper on the topic at http://web.tofinosecurity.com/download-the-white-paper-using-ansi-/-isa-99-standards-to-improve-control-system-security
It defines most of the key terms. The other place is the actual ISA 62443 2-1 standard. Unfortunately you must purchase that from www.isa.org.
The biggest threat right now is likely the disgruntled employee. However, over the next few years, for most companies it will be a mix of organized crime and competitors. For companies with high strategic value (like oil and gas), foreign government agencies are a significant risk. Terrorists are low on the list for me.
Greetings everyone! The streaming audio player will appear on this web page when the show starts at the top of the hour today. Note however that some companies block live audio streams. If when the show starts you don't hear any audio, try refreshing your browser. You can hit the F5 key to refresh.
The streaming audio player will appear on this web page when the show starts at 12 pm Eastern today. Note however that some companies block live audio streams. If when the show starts you don't hear any audio, try refreshing your browser.