About

Conference

SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions.

<We_can_help/>

What are you looking for?

>Articles posted by Industry News (Page 8)

Control Systems are Used in Applications Beyond Just Industrial Control and Automation

By: Joe Weiss

Control systems are used to monitor and control physical processes. Measured variables include pressure, temperature, level, flow, voltage, current, resistance, power, weight (mass), speed, distance, direction, chemical composition, strain, size, color, radiation, etc. Control systems compare the measured variables to a setpoint. For example, a control system can check the temperature to see if it is too high or too low and automatically adjust conditions so the temperature returns to the desired value.  It should be obvious these variables and this type of control is used by multiple types of organizations and for multiple types of processes.

The term Industrial Control Systems (ICS) was coined about 10 years ago to be a general term for the control systems used in all industries. This was because the major control system vendors, eg, GE, Siemens, Rockwell, ABB, Honeywell, Emerson, Schneider, etc. supply industrial process control systems to multiple industries – electric, water, oil/gas, pipelines, manufacturing, nuclear, etc. As ISA is process industry-focused, and after significant discussion, ISA adopted the name for the ISA99 control system cyber system security committee to be Industrial Automation and Control Systems Security. However, control systems are used in applications beyond just industrial control and automation. Control systems are used in automotive, building automation, defense, entertainment, food and agriculture, medical devices, transportation, etc. I believe the use of the term “industrial” has led to the lack of many organizations adopting the work of ISA99. Moreover, I believe the DOE and DHS cyber security roadmap efforts for specific industries led those industries to believe they were unique with no need to collaborate with other industries.

My discomfort with the term “industrial” culminated when I attended the Air Force IT Conference and gave two presentations (see 9/2/16 blog). I felt uncomfortable because I was presenting “industrial” control system security to DOD and had to explain its relevance even though DOD is a very large user of control systems. This week I had discussions with an entertainment company that uses Rockwell PLC’s. Rockwell’s documentation extensively uses the term “manufacturing” so the entertainment company considered the information irrelevant – the entertainment company only manufactured smiles. Consequently, using the term “industrial” control system cyber security to this entertainment company is difficult at best even though they are using control systems that would be considered “industrial” control systems.

I would like to propose the term “physical process control and monitoring” to replace industrial control systems, since control systems monitor and control any physical process. I encourage end-users of control systems to not be turned off by the term “industrial” control systems and consider that control system cyber security information from any industry can be relevant.

Control Systems are Used in Applications Beyond Just Industrial Control and Automation By: Joe Weiss Control systems are used to monitor and control physical processes. Measured variables include pressure, temperature, level, flow, voltage, current, resistance, power, weight (mass), speed, distance, direction, chemical composition, strain, size, color, radiation, etc. Control systems compare the measured variables to a setpoint. For example, a control system can check the temperature to see if it is too high or too low and automatically adjust conditions so the temperature returns

We are pleased to add the following talk to the agenda of SecurityWeek's 2016 ICS Cyber Security Conference.  (Conference registration is still available - with registrations up more than 100% for 2016, we encourage you to register now to reserve a spot) Cyber Stone Soup: Complex Training for Cyber Exercises This presentation will cover the importance of training cybersecurity for industrial control systems in a complex environment. While using lessons learned as examples, the presenter will provide a roadmap to plan and execute

(SecurityWeek) - Dragos, a startup focused on protecting industrial control systems (ICS) from cyber threats, has raised $1.2 million from startup studio DataTribe. Founded by a small group of former NSA intelligence officers with experience in ICS security,Dragos offers a network asset discovery and visualization tool called CyberLens. The tool was developed specifically for control systems environments, which often require deep packet inspection through passive network scanning or data collection. However, CyberLens will not be the primary focus of the company as it

Over the past few years, industrial control systems (ICS) components have proven to be increasingly vulnerable and more frequently accessible from the Internet, which significantly amplifies the risk they are exposed to, Kaspersky Lab researchers warn. According to numbers from Kaspersky, 189 vulnerabilities were discovered in ICS components last year, a ten-fold increase compared to 2010, when only 19 were published. Sophisticated attacks on ICS are on the rise as well, such as the Ivano-Frankivsk, Ukraine, incident last year, just one of the multiple attacks that

A researcher has discovered several vulnerabilities in Sierra Wireless industrial gateways, but the vendor will not address the issues because the products are approaching end of life. Security researcher Karn Ganeshen reported recently that Sierra Wireless AirLink Raven XE and XT modems are affected by several flaws. One of the issues is related to the existence of a default account that allows an attacker with access to the network to log in to the device’s web administration interface. Read the Full Story at

(SecurityWeek) - Researchers have discovered two vulnerabilities in Siemens’ SICAM Power Automation System (PAS). The vendor has patched one of the flaws and is currently working on addressing the other one. SICAM PAS is an automation system used by energy companies worldwide to operate electrical substations. The Windows-based software product is advertised as scalable, flexible, easy to operate and cost-efficient. Read the Full Story at SecurityWeek

We are happy to announce what will be a fascinating talk at the 2016 ICS Cyber Security Conference, presented by Jeff Melrose, Principal Technology Strategist for Cybersecurity at Yokogawa US. Abstract With new Drone technologies appearing in the consumer space daily, Industrial Site operators are being forced to rethink their most fundamental assumptions about Industrial Sites and Cyber-Physical security. This presentation will cover Electronic Threats, Electronic Defensive measures, Recent Electronic jamming incidents, Latest Drone Threats and capabilities, defensive planning, and Electronic Attack Threats

Last week, the Federal Energy Regulatory Commission (FERC) granted a motion to postpone implementation of the North American Electric Reliability Corporation(NERC) Critical Infrastructure Protection (CIP) V5 Standards from April until July 1, 2016. Ted Gutierrez, the industrial control systems (ICS) & NERC CIP Product Manager at the SANS Institute conceded that the announcement was indeed, “a head scratching move from FERC,” as the implementation of V5 is now delayed to coincide with the unveiling of V6 standards. As such, facility owners

The Financial Services Roundtable (FSR), an advocacy organization supporting financial, insurance, and asset management firms across the U.S., has launched a new ad campaign urging the Senate to pass the Cybersecurity Information Sharing Act (CISA), a bill designed to enable businesses to voluntarily and bilaterally share cyber threat information to protect consumers from cyber threats. The multiple-week advocacy campaign launched today in the nation’s capital and includes radio, digital and social media ads. The campaign also includes the release of a

On September 10, 2015, during testimony to the House Select Committee on Intelligence, U.S. Director of National Intelligence James R. Clapper stated that "Politically motivated cyber-attacks are now a growing reality, and foreign actors are reconnoitering and developing access to U.S. critical infrastructure systems, which might be quickly exploited for disruption if an adversary's intent became hostile."  Clapper further noted that "Russian cyber-actors are developing means to remotely access industrial control systems (ICS) used to manage critical infrastructures.…Russian actors successfully