SCADA Security's Air Gap Fairy Tale
Automation.com, August 2011
By Eric Byres
This tale doesn’t have princes or frogs in it, but instead it deals with SCADA and industrial control system security. It is the myth of the "air gap" between control systems and the rest of the world. Believing in it leads to a false sense of complacency by both end users and vendors, making it a very dangerous fairy tale indeed.
Architecture for Secure SCADA and Distributed Control System Networks
Industrial Automation Asia, June 2011
By CK Lam, Juniper Networks
It is important to realise the distinction between safety and security. While machines are built with several fail-safes to ensure safety, these fail-safes are designed against circumstances that have realistic probabilities. A cyber attack can skew the probabilities severely or mislead the operator into taking inappropriate actions by presenting false information.
Roadway Barriers Go Electric
Design News, June 2011
By Charles J. Murray
Roadway barriers, the last line of defense for hundreds of military installations and utility plants, are undergoing a transformation. Once powered exclusively by hydraulics, the giant barriers are now moving to simpler, greener electric actuators.
RFID for More Foolproof Access
Control Design, June 2011
By Aaron Hand
RFID technology makes users more accountable with their own access keys or tags, significantly reducing the likelihood that machine access control will be passed around.
Stuxnet and the Paradigm Shift in Cyber Warfare
Control, June 2011
By Robert M. Lee
A brief history of the Stuxnet worm including its targets, the initial findings, possible creators of the worm and its effects.
Physical Security 101: Evolving ‘defense in depth’
InTech, June 2011
By Scott Hillman
What good is cybersecurity if the bad guys can walk through the front door? A site vulnerability assessment determines possible holes in a plant’s overall security system and prioritizes improvement opportunities.
Browse more articles on the Security portal.
MatrikonOPC adds HDA support to Security Gateway
Using the OPC Foundation’s OPC Security specification, OPC Security Gateway protects OPC servers from unauthorized OPC clients.
Rockwell Automation enhances FactoryTalk ViewPoint software
Enhancements include tag write capabilities and security capabilities that allow administrators to manage and control who can access system and machine parameters from outside the plant.
Other Product Announcements
Browse more Product Announcements on the Security portal.
Search all Products by keyword, category, manufacturer or release date.
Security Incidents Organization publishes report on Control System Malware Incidents
The report documents 60 incidents that have taken place between 1999 and 2010 that involved lost time, destruction of property and even fatalities.
ISA publishes Embedded Device Security Assurance Specifications
The ISA Security Compliance Institute (ISCI) posted two of three key elements of the ISASecure Embedded Device Security Assessment (EDSA) certification specification on its website.
ISA publishes new edition of Industrial Network Security book
Industrial Network Security, 2nd Edition, by David J. Teumim, tells managers, engineers, technicians, and operators how to keep industrial networks secure amid rising threats from hackers, disgruntled employees, and even cyberterrorists.
Browse more resources on the Security portal.
SCADA Security for Critical Infrastructure
IMPO, May 2011
by Frank Dickman
United Water operates or manages facilities in 23 U.S states with an extensive network of underground piping. It supports over 300 remote field sites company-wide. Here’s how United Water is securing the industrial control networks of their extensive network infrastructure.
Toshiba Security Supplies IP VIdeo Surveillance to food distributor
Bernick's Beverages & Vending installed Toshiba IP cameras, network, and software to monitor its distribution center and offices.
More Water Savings through Automation
Control, December 2010
By Mike Crabtree
PLCs from AutmationDirect control the water distribution system for Mission Springs Water District in California. The PLCs also control video surveillance systems to monitor intrusion and security events.
Browse more application stories on the Security portal.
SCADA Security: Challenges and Solutions
By Metin Ozturk and Philip Aubin, Schneider Electric
This paper presents the case for improving security to SCADA systems. It examines the factors that have contributed to the growing vulnerability of control systems, and presents new standards designed to protect critical infrastructure including the use of encryption and authentication for SCADA systems.
Defense in Cyber Space
By Trent Nelson, Idaho National Laboratory, and Jeff Becker, Honeywell
For industrial facilities, the increased vulnerability of the enterprise resulting from open wireless architectures, coupled with a rise in cyber attacks, has made electronic security a major concern. This whitepaper discusses the present situation regarding cyber security, beating the hackers and how to protect plants against potential cyber attacks.
Effective OPC Security for Control Systems
By Eric Byres, Byres Security, and Darek Kominek, MatrikonOPC
White Paper explains the security advantages of limiting network interfaces and protocols, and recommends using OPC as a communications standard because of its ease of use and its widespread deployment. Registration required to view paper.
Browse more white papers on the Security portal.
|Company & Organizational News
Federal Regulators Say Nuclear Accident Plans Are Lacking
The Hill, June 2011
By Andrew Restuccia
Many of the country’s nuclear power plants have not adequately updated guidelines aimed at protecting reactors from severe accidents, federal regulators found as part of a wide-ranging review undertaken in the aftermath of Japan’s nuclear crisis this year.
Siemens identifies potential security weakness in SIMATIC Controllers
Siemens published safety guidelines which operators of industrial plants can follow to minimize the risk of external intervention from the start.
Siemens updates S7-1200 firmware to fix vulnerability
Siemens released a firmware update of its S7-1200 PLC that eliminates vulnerabilities and improves the security and robustness of its S7-1200 product family.
Nivis obtains FIPS-197 Security Certification
Nivis wireless products passed a series of in-depth tests as specified by the Cryptographic Algorithm Validation Program (CAVP), a program established by NIST and executed by third-party laboratories.
Secomea signs Throughput Technologies as distributor
Throughput Technologies is now a distributor of the Secomea Remote Device Management solution in South Africa.
Browse more company and organizational news on the Security portal.
Advantech to supply computers to Industrial Video and Control
IVC provides IP-based video solutions by combining high-quality cameras, enclosures, and software for industrial, commercial, and military applications.
Browse more project news on the Security portal.
Phoenix Contact Automation Week training courses
September 19, 2011 - September 23, 2011
Location: Middletown, PA, USA
The week of automation training classes covers the latest trends in I/O, Ethernet, controllers and software and network security. Learn how to improve efficiency and reduce the cost of a control system.
September 22, 2011 - September 23, 2011
Location: Mumbai, India
Students apply security measures that comply with IT policies, industrial best practices, and government (SOX) regulations for cybersecurity. Students learn how to configure the Windows Firewall, and the minimal set of users and groups that are necessary to include in the System Access Control Lists.
Industrial Networking & Security (TS12)
October 17, 2011 - October 21, 2011
Location: Research Triangle Park, NC, USA
In this course, you will learn about the latest developments in networking, including practical tips on designing, implementing and testing TCP/IP-based networks and how to apply them securely and reliably in an Industrial environment.
Phoenix Contact announces fall training classes
Training classes will be held for HMI, I/O, Ethernet, network security, wireless and safety technology.
Browse more training and seminar opportunities on the Security portal.
Remote Monitoring and Control 2011
September 19, 2011 - September 21, 2011
Location: Nashville, TN, USA
Remote Monitoring and Control 2011 will focus on the leading advancements for the monitoring and management of distributed equipment and facilities, remote assets, infrastructure, automated process & system controls and device networks.
Cyber Security for Energy Delivery
September 27, 2011 - September 28, 2011
Location: San Jose, CA, USA
Develop strategies to protect your cyber assets, achieve economic compliance and implement technological solutions. Join 100 key decision makers from across NAmerica receiving business critical strategy ensuring your critical cyber assets are protected and comply with NERC guidelines. Get vital inside knowledge on future changes from those in the know.
ISA Automation Week 2011
October 17, 2011 - October 20, 2011
Location: Mobile, AL, USA
This world-class conference will cover seven technical tracks in depth and will be designed with information critical to several identified automation and control career paths. ISA Automation Week provides you with the opportunity to get the best unbiased knowledge available to help you in your jobs and your future.
2011 Emerson Global Users Exchange
October 24, 2011 - October 28, 2011
Location: Nashville, TN, USA
Exchanging Ideas...Creating Solutions is the theme of this year's conference, to be held at the Gaylord Opryland Resort and Convention Center. Attendees overwhelmingly feel the different ideas and proven solutions from the presentations of users and experts at the conference is the main driving force to attend.
November 8, 2011 - November 10, 2011
Location: Nashville, TN, USA
Invensys Operations Management hosts a multi-discipline event for collaborating on your journey towards manufacturing enterprise optimization.
Browse more industry events on the Security portal.
Add an event to our calendar.