Shlomi_Feldman
inside SCADA Solutions 2 weeks ago
views 74
Employee+

Developing Cyber Resilient Systems

Hi to all you OT/SCADA/IoT cyber experts. I want to share with you the latest document released by the NIST organization. I highly recommend that you go directly to Appendices I and J, which directly relate to OT systems, and then return and read the relevant parts. Enjoy.
Shlomi_Feldman
inside SCADA Solutions 4 weeks ago
views 99
Employee+

Oil and Gas Firms Targeted By New LYCEUM Threat Group

Information recently published: https://threatpost.com/oil-and-gas-firms-targeted-by-new-lyceum-threat-group/147705/
Shlomi_Feldman
inside SCADA Solutions a month ago
views 156 2
Employee+

Short Quiz

Anyone got a clue what the severe vulnerability of the PLC in the image is?
Valeri_Loukine
inside SCADA Solutions 2019-08-23
views 2870 5 2
Admin

White Paper - Securing Industrial Control Systems - Check Point AAD

Securing Industrial Control Systems
Check Point AAD (Anomaly and Asset Detection) Mapped to NISTIR 8219 Behavioural Anomaly
Author: @Mark_Barnes
Abstract: The US National Institute of Standards and Technology (NIST), National Cybersecurity Center of Excellence (NCCoE), in conjunction with NIST’s Engineering Laboratory (EL), recently released a draft paper, Interagency Report 8219, named “Securing Manufacturing Industrial Control Systems: Behavioural Anomaly Detection (BAD)”, putting forth the idea that anomaly detection is an essential tool for owners of Industrial Control Systems (ICS) to identify, mitigate and remediate Cyber threats to Operational Technology (OT) environments. The goal of this document is to raise awareness of a Check Point tool, Asset and Anomaly Detection (AAD), available to ICS owners, both government and commercial, and to compare the Check Point solution to the ideas put forth in the NIST paper.
For the full list of White Papers, go here.
Shlomi_Feldman
inside SCADA Solutions 2019-08-16
views 103 1
Employee+

Cybersecurity for Distributed Energy Resources

An interesting paper, especially for our friends on the other side of the Atlantic Ocean. The National Cybersecurity Center of Excellence (NCCoE) is responding to a need within the energy sector to protect information exchanges between utilities and distributed energy resources (DERs) in their operating environments. As an increasing number of DERs are connected to the grid, this growth provides an opportunity to examine its impact on the cybersecurity of these connections. Although the paper was written by a US-based organization, the paper's point of view is important for all regions. As part of the green energy trend, we notice more and more energy resources connecting to the grid. Enjoy reading, and let me know if you have any questions.
Shlomi_Feldman
inside SCADA Solutions 2019-08-12
views 132 1 1
Employee+

Rogue7: Rogue Engineering-Station attacks on S7 Simatic PLCs

During last week's Black Hat event, a team of Israeli university researchers published their recent work. In the research they share with us how they managed to attack the latest-generation Siemens S7 PLCs, which are considered the most secure in the industry. I hope you will find it interesting. If you have any questions, please don't hesitate to contact me.
Shlomi_Feldman
inside SCADA Solutions 2019-08-11
views 115
Employee+

Urgent/11 - 11 Zero Day Vulnerabilities Impacting VxWorks, the Most Widely Used Real-Time Operating

In the last several days, we have noticed a large campaign advising about discovered vulnerabilities concerning the VxWorks operating system. Some publications claim that the vulnerabilities affect 200 million devices, while others claim they affect up to 2 billion devices. The danger of these vulnerabilities lies in the fact that this operating system is in very common use in a large variety of completely different sectors. In addition, there is no clear visibility into exactly which devices use this operating system. Even the researchers who found the vulnerabilities (https://armis.com/urgent11/#/devices) are unable to provide an exact and detailed list of the affected devices. This lack of visibility poses a real difficulty for users attempting to mitigate these risks. I would be more than happy to get your comments and thoughts about the issue.
Shlomi_Feldman
inside SCADA Solutions 2019-07-13
views 423 1
Employee+

A funny approach to what a PLC is

Many times I think that the ICS/SCADA cyber security subject is too serious, based on doomsday imagination. This is why I like such a comic publication, as it explains the subject to us but still doesn't save us from all the fear aspects. Small spoiler: I never thought that the first ICS cyber attack took place in the Star Wars movies.
Shlomi_Feldman
inside SCADA Solutions 2019-07-04
views 406
Employee+

Schneider Electric Modicon Controllers

2 days ago the US ICS-CERT released a vulnerability notification related to Schneider Electric Modicon controllers. You can find the notification attached. While Schneider offers M580 and M340 controller owners a firmware update which solves the vulnerability, Schneider doesn't offer any practical solution for Quantum and Premium controller owners, and the only solution is to replace these old controllers with the new models. As a controller upgrade is neither a simple nor a cheap process, most of the owners will not do it and will remain unprotected. Schneider recommends that, to mitigate risks associated with this vulnerability, users should immediately set up network segmentation and implement a firewall to block all unauthorized access to Port 502/TCP. This is the first time we have noticed a vendor of Schneider's scale recommending a specific active firewall policy to BLOCK all unauthorized access to Port 502/TCP.
Shlomi_Feldman
inside SCADA Solutions 2019-06-04
views 1339 2
Employee+

What an integrated Firewall on a PLC looks like

Just wanted to share with you, so you will know what it looks like.
Valeri_Loukine
inside SCADA Solutions 2019-05-13
views 759 2
Admin

White Paper - Deploying 1200R Security Gateway with Zero Touch Cloud Service

Author: Jon Goldman @Jon_Goldman
Abstract: In recent years SCADA and ICS systems have increasingly relied on basic Ethernet, TCP/IP and Windows for all communications; specifically, most of the environments use the MODBUS and DNP3 SCADA network protocols. Many of these protocols have known shortcomings that make them susceptible to attack. 1200R is a solid-state appliance specifically designed to secure SCADA (supervisory control and data acquisition) protocols and OT (operational technology) equipment that operates under harsh environmental conditions. Check Point 1200R includes Stateful inspection Firewall, IPS and Application Control software blades. It complies with industrial specifications IEEE 1613, IEC 61850-3 and IEC 60068-2 for heat, vibration and immunity to electromagnetic interference (EMI). The purpose of this document is to provide a step-by-step guide on how to deploy multiple 1200R appliances using Zero Touch Cloud Service.
For the full list of White Papers, go here.
Shlomi_Feldman
inside SCADA Solutions 2019-05-05
views 3469 3 1
Employee+

Global ICS Vendor Cyber security "best practice"

Schneider Electric recommends the following best practices to their customers to secure their industrial networks:
• Locate control and safety system networks and remote devices behind firewalls, and isolate them from the business network.
• Physical controls should be in place so that no unauthorized person would have access to the ICS and safety controllers, peripheral equipment or the ICS and safety networks.
• All controllers should reside in locked cabinets and never be left in the “Program” mode.
• All programming software should be kept in locked cabinets and should never be connected to any network other than the network for the devices that it is intended.
• All methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. should be scanned before use in the terminals or any node connected to these networks.
• Laptops that have connected to any other network besides the intended network should never be allowed to connect to the safety or control networks without proper sanitation.
• Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
• When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.
We can notice immediately that, above the physical security solutions, the vendor recommends the use of Firewall for segmentation, threat detection and VPN for remote connectivity. That proves once again how our core solutions are more than relevant to improving cyber-security in OT networks.
Shlomi_Feldman
inside SCADA Solutions 2019-05-05
views 718 1
Employee+

Our IPS team wins once more, with new exclusive signatures for the ICS world

About 10 days ago the US-DHS and US-NIST published the following medium range vulnerability related to Rockwell Automation PLCs.
https://nvd.nist.gov/vuln/detail/CVE-2019-10955
https://ics-cert.us-cert.gov/advisories/ICSA-19-113-01
Vulnerability details: the vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine. In this short period of time, our team managed to investigate and to develop an IPS protection which is capable of preventing an attack exploiting this vulnerability. The protection was released today, and at the moment none of our competitors has an equivalent protection for this vulnerability.
Shlomi_Feldman
inside SCADA Solutions 2019-04-27
views 952
Employee+

Interesting research about Universal Serial Bus (USB) threat vector to ICS networks

These are interesting times for Universal Serial Bus (USB) security. With increasing pressure to limit network access to industrial control systems, industrial plant dependence upon USB removable media to transfer information, files, patches and updates has been greater than ever. At the same time, past research into USB threats has shown that portable USB drives are one of the top threat vectors impacting industrial control systems. The research was done by Honeywell, which is one of the largest global ICS OEMs. Hope you will find it interesting.
Shlomi_Feldman
inside SCADA Solutions 2019-04-22
views 2856 1
Employee+

Library of Resources for Industrial Control System Cyber Security

Hi Checkmates, I wanted to share with you this website, https://scadahacker.com/library/index.html#sites, which can provide you with lots of resources for the ICS cyber security domain. I hope you will find it useful.