Friday, July 21, 2017

Again Security: How do you Protect your Industrial Control System from Electronic Threats?

Industrial Control System (ICS) need to be protected from Electronic Threats - one of the most crucial challenge yesterday, today, and in the future. Joseph Weiss (PE, CISM - one of the real senior experts in the field) uses the term “electronic threats” rather than cyber security because there are many electronic threats to Industrial Control Systems beyond traditional cyber threats (as he says).

Joe Weiss has written a book with more than 300 pages published in 2010 worth to study (and more important TO IMPLEMENT): "Protecting Industrial Control Systems from Electronic Threats"
List of contents:
  1. Industrial Control System Descriptions
  2. Convergence of Industrial Control Systems and Information Technology
  3. Diļ¬€erences between Industrial Control Systems and Information Technology
  4. Electronic Threats to Industrial Control Systems
  5. Myths
  6. Current Personnel Status and Needs
  7. Information Sharing and Disclosure
  8. Industrial Control System Cyber Risk Assessments
  9. Selected Industry Activities
  10. Industrial Control System Security Trends and Observations
  11. Industrial Control System Cyber Security Demonstrations
  12. Selected Case Histories: Malicious Attacks
  13. Selected Case Histories: Unintentional  Incidents
  14. Industrial Control System Incident Categorization
  15. Recommendations
As long as you can read this blog post you could assume that there is enough power for all computers involved in the chain from the server holding this bog to your computer.
When you will see the following message on your screen: "Sorry, we are out power!" don't worry that much - because the only message you CANNOT SEE ON YOUR SCREEN IS: "SORRY; WE ARE OUT OF POWER. No power no screen display. ;-) 
Click HERE for more details on the book.
I guess Joe would have spent another 100 or so pages to talk about IoT vulnerability if he would have written the book now. 
In a report published the other day by Wired you can read:
"On Tuesday, the internet-of-things-focused security firm Senrio revealed a hackable flaw it's calling "Devil's Ivy" a vulnerability in a piece of code called gSOAP widely used in physical security products, potentially allowing faraway attackers to fully disable or take over thousands of models of internet-connected devices from security cameras to sensors to access-card readers.
Using the internet-scanning tool Shodan, Senrio found 14,700 of XXXX's cameras alone that were vulnerable to their attack-at least, before XXXX patched it. And given that's one of the dozens of ONVIF companies alone that use the gSOAP code, Senrio's researchers estimate the total number of affected devices in the millions."
Click HERE for the full Wired report.
How long will you wait to implement more measures to protect your industrial control system?
Start now - latest next Monday.

No comments: