SCADA


Tired of hearing about IoT? Me too. I am also tired of AI and the constant specter of intelligent robots and computers that are smarter than us, and that for some reason want to harm us. I prefer the movie Her because I believe that is more likely to represent the future of an AI. They wouldn’t want to compete with us and rule the world. Instead, it seems more likely that they would find us to be a curiosity. And they would probably eventually just lose interest in us and leave. We (and the Earth) would not be able to evolve as fast... [Read More]
by RSS James Cabe  |  Jun 13, 2017  |  Filed in: Industry Trends
Over the last few months or years I have reported vulnerabilities on several IoT devices. None have been patched so far, and I think it is time to discuss the situation openly. One of the issues I have faced several times is the zero-security-culture phenomenon. Some of those IoT companies were typically very small and young, with sadly neither the skills nor the resources to fix security issues. For example, I remember sending several vulnerabilities to a given company. I got an automated response for the first email (ok),... [Read More]
by RSS Axelle Apvrille  |  May 17, 2017  |  Filed in: Security Research
Q&A with Carolyn Crandall, CMO at Attivo Networks Fortinet sits down with Fabric-Ready Partner, Attivo Networks, to learn what’s top of mind for its customers, the key IT challenges they are facing, and how Attivo Networks’ approach to integrated security is helping drive business and customer success. Tell us a bit about Attivo Networks business and the types of customers that you serve. Attivo Networks® is the leader in deception for cyber security defense. Founded on the premise that even the best security systems... [Read More]
by RSS Darlene Gannon  |  Apr 20, 2017  |  Filed in: Business and Technology, Security Q & A
IoT is a sexy topic these days. It’s hard to open a magazine or blog without seeing statistics that project there will soon be more IoT devices online than there are teenagers on ClickChat. Like the growth of mobility and smartphones before it, IoT is a phenomenon that merits attention. But this time it’s different. IoT networks and devices play a crucial role in our global transition to a digital economy, and organizations that fail to adopt a digital business model may not survive. Which is why we also need to give credit to those... [Read More]
by RSS Phil Quade  |  Apr 19, 2017  |  Filed in: Industry Trends
The Internet of Things (networks of uniquely identifiable endpoints, or "things," that communicate without human interaction using embedded IP connectivity) is the next industrial revolution. Estimates say there will be 24 Billion IoT devices installed by 2020, and $6 Trillion will be invested in IoT devices over the next 5 years. With that kind of growth and investment, protecting each of these “things” and their corresponding interactions with other components, including our networks, will be critical. So where is this... [Read More]
by RSS Daniel Cole  |  Sep 14, 2016  |  Filed in: Industry Trends
A couple of months ago I was discussing data center security with a panel of IT managers from critical infrastructure providers. One representative from a major energy provider said that he had no intention of segmenting his network. When I asked him how he monitors his network looking for attacks that have breached his perimeter, he told me, “That’s the FBI’s job.” I wish I could say this was unusual. Historically, the security strategy of many critical infrastructure companies was to simply not connect them to the... [Read More]
by RSS Daniel Cole  |  Jun 21, 2016  |  Filed in: Industry Trends
Organizations of all types today face an evolving threatscape and growing pressure to rethink security strategies for long-term sustainability. Critical infrastructure industries, and the communities and economies they serve, face not only particularly damaging outcomes from successful cybersecurity attacks, but also need to deal with significant complexity due to the scale of their operations. Fortinet’s Daniel Cole discusses the issues and trends affecting the critical infrastructure organizations today. Q&A with Daniel Cole What’s... [Read More]
by RSS John Welton  |  May 16, 2016  |  Filed in: Industry Trends
While attackers are showing greater interest in both direct and indirect targeted attacks at Industrial Control Systems, it is perhaps a good time to assess where we stand with regards to protecting these systems.  Industrial Control Systems (ICS) are systems that control and monitor physical processes like the "transmission of electricity, transportation of gas and oil in pipelines, water distribution, traffic lights, and other systems used as the basis of modern society.” In recent years, the Industrial Control Systems... [Read More]
by RSS Ruchna Nigam  |  Apr 05, 2016  |  Filed in: Security Research
I'm back from Hacktivity 2015, a big hacking and industrial event in Budapest (Hungary), where I was presenting an update of my research on the Fitbit Flex tracker (slides). It seems several people in the audience were wearing a sports wristband ;) Fitness Trackers at my talk at Hacktivity For your information, I will be presenting on the same topic at Hack.lu next week, but let's say 70% of the presentation will be *different* as I am not focusing on the same aspects. Tamas Szakaly - Shall we play a game? Tamas gave an interesting... [Read More]
by RSS Axelle Apvrille  |  Oct 14, 2015  |  Filed in: Security Research
Since the beginning of the year, a total of 77 Advisories regarding Vulnerabilities in SCADA systems have been released by the ICS-CERT. They cover a total of 133 vulnerabilities, of which 122 correspond to unique CVE's. Most of the disclosed vulnerabilities correspond to commonly used SCADA software like Device Type Managers(DTMs), Human Machine Interfaces(HMIs), Web-based SCADA management solutions etc. However, some advisories also address non-SCADA-specific vulnerabilities like those found in the widely used NTP (Network Time Protocol)... [Read More]
by RSS Ruchna Nigam  |  Jul 15, 2015  |  Filed in: Security Research