SCADA Solutions

This space covers Check Point's solutions for Industrial Control Systems (ICS) & SCADA Security.

Shlomi_Feldman
inside SCADA Solutions Tuesday
views 64
Employee+

Mitigations for Insecure ICS Device Communication

Hi experts, I want to share with you the latest publication by the SANS Institute. Although the publication's author uses the Modbus protocol, we can be sure that many other ICS protocols suffer from the same issues. Enjoy your reading.
Shlomi_Feldman
inside SCADA Solutions a week ago
views 147
Employee+

Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets

Hi Experts, I want to share with you details about a severe vulnerability published yesterday by Siemens, related to a large number of Siemens products which use PROFINET-IO. Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior to V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. Siemens has released updates for part of the affected products, but is still far from releasing updates for all of the affected products. Until Siemens releases updates for all of the affected products, Siemens recommends that customers disable PROFINET (if possible) or create a firewall rule that blocks the PROFINET Context Manager port (34964/udp).
Shlomi_Feldman
inside SCADA Solutions 2 weeks ago
views 154
Employee+

Israel becomes first nation to cyber regulate hazardous materials industry

https://www.jpost.com/HEALTH-SCIENCE/Israel-becomes-first-nation-to-cyber-regulate-hazardous-materials-industry-616743 Just wanted to share with you an interesting article about a new ICS cyber security regulation in Israel.   
Shlomi_Feldman
inside SCADA Solutions 2020-01-18
views 202 1
Employee+

Are Utilities Keeping Up with the Industrial Cyber Threat?

Hi ICS community, It is always interesting to learn the point of view of a large, if not the largest, ICS vendor around the world. Hope that you will enjoy it and find it useful.
Sunil_Mishra
inside SCADA Solutions 2020-01-09
views 212 1
Employee

SCADA Protocol

Are the SCADA protocols below supported by Check Point? I have identified that a few of them are supported but need confirmation for all the remaining protocols.
| Sr. No | Protocols List | Compliance |
|---|---|---|
| 1 | Power System Automation Protocols: | |
| 1.1 | IEC 60870-5 | Yes - we support IEC 60870-6 (ICCP) |
| 1.2 | IEC 61850 | Yes |
| 1.3 | ICCP | Yes - Refer first point |
| 1.4 | DNP-3 | Yes |
| 1.5 | Modbus | Yes |
| 2 | Metering Protocols | |
| 2.1 | DLMS/IEC 62056 | Yes |
| 2.2 | Mbus | |
| 2.3 | ZigBee | Yes |
| 2.4 | PLC/RF Mesh | Yes |
| 3 | Smart Grid / IIoT Protocols | |
| 3.1 | OSFP | |
| 3.2 | OCPP | |
| 3.3 | Open ADR | |
| 3.4 | MQTT | Yes |
| 3.5 | IEEE 2030.7 | |
| 3.6 | IEC 63110 | |
| 3.7 | CIM IEC 61968/IEC 61970 | |
| 4 | Others | |
| 4.1 | FTP / FTPS | Yes |
| 4.2 | HTTP | Yes |
| 4.3 | XMPP | |
| 4.4 | OPC/OPC-UA | Yes |
| 4.5 | SOAP | |
Regards / Sunil Mishra
Shlomi_Feldman
inside SCADA Solutions 2019-12-03
views 202
Employee+

Omron CX-One IPS protections

Hi ICS followers, in the last several weeks we added/improved 2 important protections in our IPS signatures related to Omron CX-One vulnerabilities. https://www.checkpoint.com/defense/advisories/public/2018/CPAI-2018-0484.html https://www.checkpoint.com/defense/advisories/public/2018/CPAI-2018-1210.html Why is it so important that I bother to inform you about it? With CX-One, Omron presents a unique approach by providing one software suite that allows users to build, configure, and program a host of devices such as PLCs, HMIs, motion-control systems and networks using just one software package with one installation and license number. This greatly reduces the hassle of software maintenance and management at both the End-User and OEM level. While we can all acknowledge the operational benefit of having one software to configure all ICS systems, from a cyber perspective it might be extremely dangerous when this software suffers from vulnerabilities which allow the attacker to damage the project files outcome.
Shlomi_Feldman
inside SCADA Solutions 2019-12-01
views 222
Employee+

Operational Technologies Cyber Security Alliance - OTCSA

Come and join us at the OTCSA https://otcsalliance.org/ Together we can beat the risk!!! If you want further details, please contact me.
Shlomi_Feldman
inside SCADA Solutions 2019-11-22
views 253 1
Employee+

A Notorious Iranian Hacking Crew Is Targeting Industrial Control Systems

Hi all ICS/SCADA followers, just wanted to share with you the following published article https://www.wired.com/story/iran-apt33-industrial-control-systems/ It seems that the Iranian team is shifting its focus from IT to OT and critical infrastructure networks. If you have any questions, please contact me and let's discuss it.
Shlomi_Feldman
inside SCADA Solutions 2019-11-11
views 226
Employee+

The Internet of Things Asks: Comfort or Privacy?

A short clip worth loads of words... The future is here, but are we really ready for it? How do we protect our IoT technologies? We at Check Point have got a clue, check out our new IoT controller.
Shlomi_Feldman
inside SCADA Solutions 2019-11-10
views 227
Employee+

Nuclear Power Corporation confirms malware in computer at Kudankulam plant - update

Hi, just wanted to share with you a publication in the CP blog concerning the incident: https://blog.checkpoint.com/2019/11/07/how-malware-detected-at-indias-nuclear-power-plant-could-have-been-prevented/?utm_source=browser&utm_medium=push-notification&utm_campaign=push-notification-blog
Shlomi_Feldman
inside SCADA Solutions 2019-10-30
views 243
Employee+

Nuclear Power Corporation confirms malware in computer at Kudankulam plant

Hi SCADA experts, I want to share with you the following publication concerning a cyber incident at a power plant in India https://www.indiatoday.in/india/story/nuclear-power-corporation-confirms-malware-in-computer-at-kudankulam-plant-1614115-2019-10-30 We notice once again that systems that are supposed to be segmented or even air-gapped are still getting penetrated. From my point of view the biggest problem is not the event itself, but the fact that NPCIL denied the existence of the event. I will continue to follow up and keep you updated.
Shlomi_Feldman
inside SCADA Solutions 2019-10-21
views 254
Employee+

ICS communication types

Hi Checkmates, Just wanted to share with you a few options of ICS communication types you might find out there. In your opinion, what is the best option which offers the highest level of security with major operational flexibility? Holding for your comments.
Shlomi_Feldman
inside SCADA Solutions 2019-10-16
views 255
Employee+

Vulnerabilities Remediation

Hi Checkmates, Almost on a weekly basis we get notifications about newly detected vulnerabilities related to OT/ICS equipment. In several cases these vulnerabilities make a huge buzz in the market, like we noticed with the VxWorks Urgent/11. In most cases it takes a significant amount of time for the vendors to deliver patches to solve the vulnerabilities, and at the same time we shouldn't forget the fact that OT/ICS customers don't patch their equipment.
Attached you can find the recently released notification by Schneider Electric concerning a vulnerability in the high-end PLC M580. The reason I share the info with you is not because this vulnerability is special, but to show you how simple the vendor remediation instructions are and, even more important, how it correlates with our story.
• Set up network segmentation and implement a firewall to block all unauthorized access to port 80/HTTP on the controllers.
• Locate control and safety system networks and remote devices behind firewalls, and isolate them from the business network.
• All methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. should be scanned before use in the terminals or any node connected to these networks.
• Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
• When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.
Next time you need to address this issue with your customers, please don't forget to show this example to the customer.
Shlomi_Feldman
inside SCADA Solutions 2019-10-16
views 342 3
Employee+

BLUEPRINT FOR SECURING INDUSTRIAL CONTROL SYSTEMS

Hi Checkmates, I want to share with you all the latest document we released concerning ICS security. This is by far one of the most detailed documents currently available in the market, which can assist most of us when coming to design a solution for an ICS environment. https://www.checkpoint.com/downloads/products/cp-industrial-control-ics-security-blueprint.pdf Special thanks to Jeroen De Corel for the excellent work writing this paper.