Siemens announced some new security controls for the S7-1500 line of PLCs. The most interesting feature –“Access protection addresses the problem of protecting the application against unauthorized configuration changes.” We recommend cautious optimism until more details are available as the last Siemens PLC security announcement proved to be less than the press releases promoted. We have asked for the details and are hoping this is a major step forward. There is no pricing at this time, they are not taking orders, and it will not be available until February at the earliest.
We need to get more info on this SANS CyberCity project, especially what they are doing for the power plant.
Tweet of the Week
Worth Reading Articles
- Billy Rios Tridium Niagra – Directory Traversal – more for the story of its resolution than for the vuln
- Byres / Tofino Spoof on DCS Security Incident at the North Pole – clever
Critical Intelligence’s ICS Security Event Calendar Updates
- Northwest Public Power Association Cybersecurity 2013, Jan 23-25 in Tacoma, Washington
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.
Image by MaretH