New application note: Preventing the spread of the Stuxnet worm in both Siemens and non-Siemens network environments.
One of the key things Byres Security have learned in their test lab (and confirmed by
INL at the
ICSJWG - US Industrial Control Systems Joint Working Group - meeting last week) is that the Stuxnet worm is very aggressive once it accidentally gets into a control system. And once it is in, it is almost impossible to remove, since the worm just keeps popping up as it re-infects PCs.
To counteract this they wanted to create a document to give specific guidance on how to prevent Stuxnet and Stuxnet-like worms from migrating between ANSI/ISA-99 security zones in a control system. Of course the configuration examples they use are based on their Tofino Industrial Security Solution, but the concepts are generally applicable to other firewalls.
The paper (pdf) is available on the
Tofino Blog from Monday 7th September 2011.
No comments:
Post a Comment