Wednesday, April 13, 2011

Warning: SCADA/ICS Security Good News Alert


Hope you're sitting down cause I've got (good) news for you. If you were expecting yet another predictable dose of downer news re: the state of cyber security in the electric sector, this post may be a bit of a disappointment for you. If that's the case, just grit your teeth and get through it.

You remember Stuxnet?  You remember Siemens Step 7?  Been wondering whether anyone's been doing anything to make control systems more resistant to Advanced Persistent Threat (APT) attacks? Here's a snippet from a press release this morning:
Against a backdrop of global threats such as Operation Aurora, Stuxnet and Night Dragon, enterprises need a way to protect their critical systems. After intensive testing, Siemens-Division Industry Automation has proven compatible with McAfee® Application Control solution to defend against such attacks.
When you're ready to click, both McAfee and Siemens have a little more detail for you. It's an application white listing approach to security, and for you skeptics, you're right, it's probably not the solution to all known problems. But from where I sit, it is certainly a move in a potentially very helpful direction.

But wait, the good news isn't over yet (sorry); there's more. Security vendor Tenable has just released new plugins which specifically test SCADA devices, which came out of months of collaboration with ICS security consultancy Digital Bond.

Obviously I'm not endorsing the work or products of any of these companies. That's not my job and I'm not really even qualified to do so. But in a media world where the bad guys (and the events they cause) dominate the headlines and fill our minds with all manner of anxieties, it's nice to see the the good guys strike back. Let's see some more of this re: GE, ABB, etc. and from other security vendors who you'd expect should be able to help.

Pessimists stay tuned; I'm sure we'll have something for you soon enough.

Photo credit: Lachlan Hardy on Flickr.com

No comments: