[ISN] Siemens Enhances Security In Post-Stuxnet SCADA World

From: InfoSec News <alerts_at_private>
Date: Thu, 7 Jun 2012 02:58:11 -0500 (CDT)
http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/240001644/siemens-enhances-security-in-post-stuxnet-scada-world.html

By Kelly Jackson Higgins
Dark Reading
June 06, 2012

Stuxnet was not only bad news for Iran, but also for Siemens, whose 
process control systems were targeted in the attack that disrupted a 
nuclear facility in Iran. Since then, Siemens has quietly made several 
security moves in the wake of Stuxnet's discovery two years ago -- most 
recently, new industrial control products that come with built-in 
security features.

Raj Batra, president of industry automation division for Siemens 
Industry Inc., says the new Simatic CP and Scalance communications 
processor products with firewall and virtual private network (VPN) 
features help ratchet up security. But he also warns that there's no 
"silver bullet" to today's threats. "The introduction of our new Simatic 
CP and Scalance products only help to bolster Siemens' industrial 
security portfolio, but as we stress to our customers, there is no 
silver bullet to cybersecurity threats," Batra says. "Maintaining 
security is an ongoing process for plants and enterprises requiring 
collaboration at all levels."

Since Stuxnet, Siemens has been hammered by various security researchers 
who have poked numerous holes in the manufacturer's products, forcing 
Siemens to find security religion in a staid industry where air gaps 
traditionally were assumed enough to protect critical infrastructure. 
Stuxnet effectively burst that bubble of air gap protection for good, 
and Siemens has spent the past two years scrambling to shore up security 
in its products.

"During the past two years, Siemens has made several strategic decisions 
that have been well-received by both internal and external audiences, 
including developing new industrial security products and solutions, 
providing software updates incorporating security enhancements, 
increasing our communication and collaboration with key partners, 
including ICS-CERT and other government agencies, as well as the 
research community," Siemens' Batra says. "We have also developed 
consultative services to support our customers throughout the life cycle 
of their products or projects."

[...]


--
We're in a bit of a budget crunch,
Help InfoSec News with a Donation
http://www.infosecnews.org/donate.html
Received on Thu Jun 07 2012 - 00:58:11 PDT

This archive was generated by hypermail 2.2.0 : Thu Jun 07 2012 - 00:50:38 PDT