ICS News, Articles and Updates

Luck prevents malware fatally damaging critical infrastructure - this time!

Triton malware joins Stuxnet, Havex / Dragonfly, Blackenergy2/3, and Industroyer / CrashOverridet specifically targeting industrial networks: Passive network monitoring with hybrid threat detection needs to be implemented now.

Three simple steps to secure your ICS systems against digital threats

Industrial control systems (ICS), which manage utilities such as water, gas, and electricity, are going online so that jobs once carried out manually can now be carried out remotely or with the help of automation.

Critical infrastructure security - getting to grips with EU NIS Directive

EU NIS Directive: As the implementation of the first true piece of cyber-security legislation draws near, Jalal Bouhdada discusses its potential impact on 'operators of essential services.

IOActive reveals security vulnerabilities in radiation monitoring devices

Security researcher discovers numerous security flaws in multiple devices tasked with detecting radiation in critical facilities.

CREST says that cyber-security in ICS needs a kick up backside

The not-for-profit accreditation body CREST says a lack of "standards-based technical security testing" is putting industrial control system environments at risk.

Power industry significantly concerned of cyber-threats, says industry exec

National Grid spokesperson tells SC "gas and electricity networks are isolated from our everyday business systems to ensure our networks remain safe and reliable."

'Industroyer' malware spells trouble for industrial control systems

A new piece of industrial control malware has emerged. Dubbed, Industroyer by its analysts, the piece spells trouble for industrial control systems.

Advanced new destructive wiper malware discovered in the wild

In the wake of the Shamoon malware attacks, a new wiper targets the Middle East and shows interest in European targets.

Bugs detected in Siemens RUGGEDCOM NMS line

Two flaws have been detected in Siemens RUGGEDCOM NMS line of network management tools that could open the equipment up to remote exploitation.

How security can be the linchpin of Industrial IoT evolution

Will Culbert delves into the Industrial Internet of Things, touching on how digital technology may define industrial control operations and maintenance almost as much as the physical engineering itself.

Vulnerability discovered in Schneider Electric data centre monitoring system

Schneider Electric issues patch for StruxureWare Data Centre Expert used by banks, media corporations, insurers, medical centres and other companies to monitor critical systems such as video surveillance and fire suppression.

Hackers v Squirrels: who's the bigger danger to power grids?

Cris Thomas from Tenable Network Security compares the damage done to the US power grid by animal life, with damage that could be done by those with a more malicious intent and asks, are we over-hyping the risk?

Vulnerabilities found in GE SCADA systems, password interception possible

GE plugs vulnerability in SCADA systems that could have allowed attackers to intercept passwords and disrupt utilities and factory operations.

Industrial Control Systems (ICS) and Cyber-Risks

Mark Carolan outlines why IT security managers should be worried about ICS in their Infrastructure

Finns have their heating systems knocked offline by a DDoS attack

Finnish media reports on a DDoS attack on residential buildings in Lappeenranta, Finland, which knocked the heating and hot water offline.

4SICS: surprise surprise, ICS melding with IT to bring a whole host of issues

Vidar Hedtjarn Swaling, analyst for the societal security and safety department at the Swedish Defence Research Agency announced his department's research into how ageing is regarded, and dealt with, in the area of industrial control systems.

4SICS: making cyber-threat intel work better for ICS pros

Thomas Schreck, principal engineer of Simenes' CERT, alongside Margrete Raaum, leader of the KraftCERT from Norway told an audience at 4SICS 2016 on why cyber-threat intelligence plays an important part in information sharing in the energy industry.

RCE vulnerability found on ICS management software

Industrial cyber-security firm Indegy has found a remote code execution vulnerability inside Schneider Electric's flagship ICS management software, Unity Pro.

4SICS: The ICS security challenges faced by a grid operator

Erwin Kooi, information security architect spoke at 4SICS 2016 and shared his thoughts on digitising Alliander's electricity service, while making sure it stays secure.

4SICS: ICS threats are mostly unknown, industry needs more information sharing

Robert M. Lee, CEO of Dragos Security, says that not enough information sharing happens in ICS industry, because of this the threats to ICSs are largely unknown.

Kaspersky launches self-titled OS to protect ICS

Kaspersky Lab has reportedly finished its self-titled OS which has been built from the ground up with the aim of protecting industrial control systems.

Concern about Chinese involvement at Hinkley Point is misdirected, say experts

Experts say that government concerns over cyber-security at the new nuclear power plant at Hinkley Point are misdirected and that the Chinese are not the real worry.

Researchers discover ICS attack method that spreads through networks

A team of researchers discover a new method of launching attacks that would threaten global critical infrastructure and utility providers through a worm that spreads through utility networks.

Video: Kaspersky says attacks on 'critical infrastructure' on the rise

Information technology and process automation, essential to modern industrial facilities, are under threat from hackers who are increasingly targeting ICS and SCADA systems, says Eugene Kaspersky.

Honeywell Midas Gas detector vulnerable to attack

A recent report by the ICS-Cert advisory states that the Midas and Midas black gas detectors made by Honeywell are vulnerable to attack. The hack allows people to modify the the settings of the device without proper authentication.

4SICS: The perils of investigating security incidents on industrial control systems

Industrial control systems running on outmoded operating systems and ancient hardware present special challenges for forensic investigators trying to track down malware, Mark Fabro told SCMagazineUK.com at 4SICS last week.