Siemens is a big player in the industrial automation world, especially in Europe. Their main product right now is PCS 7, which seems to be one of the targets. They do work in a lot of different industries, including chemicals, oil & gas, food & beverage, and biofuels.
>From the Siemens website: http://bit.ly/9oSDCj Interestingly, they specifically say that none of the known infections have caused failure of the automation system... strange. On Oct 1, 8:37 am, Cary Preston <[email protected]> wrote: > Update: the malware is targeting specific components from Siemens, and has > now spread to China. The last report I read said that it had a small > footprint in Southeast Asia, but it is on the verge of being bigger in China > than it is in Iran. It's also rumored that one of the filenames points to it > having Israeli origins. > > Sent from my iPad > > On Oct 1, 2010, at 8:17 AM, Luke <[email protected]> wrote: > > > > > For Instrumentation and Control Systems, the professional society is > > the ISA (International Society of Automation, formerly the Instrument > > Society of America), of which I am a member... just renewed, in fact! > > > ISA-5.06.01 is the Functional Requirement Spec for Control Software > > Applications, and one of the main governing documents for the > > software. But it is more of a design spec than anything else. It's > > not hard and fast "this is how to write code" but like most design > > specs it describes the minimums necessary to produce a sound control > > system. > > > There is also ISA TR99, which is "Security Technologies for Industrial > > Automation and Control Systems," but that is not a spec per-se; it's a > > Technical Report, which means that you can use it as reference but not > > as a specification. > > > The ISA has been pushing security ("cybersecurity" is the term often > > used in industry to differentiate from physical, real-world security) > > a lot in the last few years. Personally I think we'll get Technical > > Reports rather than a full blown spec because the nature of the > > security threats is going to keep evolving, like this malworm. This > > is something brand-spanking new. Sure, "regular" malware can be > > devastating to individual users, but industrial malware which can take > > a nuclear power plant's safety protocols offlne is the stuff of > > apocalyptic science fiction! At least, it was until now! > > > On Sep 30, 5:42 pm, James Peluso <[email protected]> wrote: > >> Thanks for the info Luke. Does your industry have any checks and balances > >> when it comes to firmware and coding? Like an ieee or iso standard? Just > >> thinking on how to prevent an exploit of this nature > >> On Sep 30, 2010 4:31 PM, "Luke" <[email protected]> wrote: > > >>> Die Hard 4 was about shutting down government infastructure, wasn't > >>> it? So in a way, yes, because certain infastructure (a good example > >>> would be traffic control) would be controlled by an automation system > >>> of some kind, most likely a Distributed Control System. > > >>> This one specifically targets industrial automation systems. For > >>> example, on the project I am working we have a general plant > >>> automation system (let's call it SPIC) and a more stringent, safety- > >>> related automation (lets call it KELS), both of which are running as > >>> Distributed Control Systems, albeit each one is seperate and > >>> different. We also have a general plant data network, which is all of > >>> the ethernet, VOIP, and other "administrative" automation stuff. SPIC > >>> and KELS would be the industrial automation stuff which a worm like > >>> this might attack. > > >>> On Sep 30, 4:14 pm, James Peluso <[email protected]> wrote: > >>>> I'm kind of naive to this part of the industry but, is this what Die Hard > >> 4 > >>>> is about? > > >>>> On Thu, Sep 30, 2010 at 4:12 PM, Luke <[email protected]> wrote: > >>>>> I'm an Instrumentation & Control Systems Engineer, so industrial > >>>>> automation systems like the ones Stuxnet attacks is right in my > >>>>> department's wheelhouse. Needless to say we are watching this VERY > >>>>> closely. Industrial automation software is very specific and very > >>>>> proprietary -- so a piece of malcode which can attack it has to be > >>>>> very specific and single-minded. > > >>>>> On Sep 30, 11:21 am, Cary Preston <[email protected]> wrote: > >>>>>> And Iran is taking a beating: > > >>>>>>http://www.debka.com/article/9050/ > > >>>>> -- > >>>>> You received this message because you are subscribed to the Google > >> Groups > >>>>> "The Unique Geek" group. > >>>>> To post to this group, send email to [email protected]. > >>>>> To unsubscribe from this group, send email to > >>>>> [email protected]<theuniquegeek%2bunsubscr...@googlegroups.com> > > >> <theuniquegeek%2bunsubscr...@goog legroups.com>>> > . > >>>>> For more options, visit this group at > >>>>>http://groups.google.com/group/theuniquegeek?hl=en. > > >>>> -- > >>>> Jim > > >>>> blog <http://jimpeluso.wordpress.com> > >>>> "Keep moving Forward"- Hide quoted text - > > >>>> - Show quoted text - > > >>> -- > >>> You received this message because you are subscribed to the Google Groups > > >> "The Unique Geek" group.> To post to this group, send email to > >> [email protected]. > >>> To unsubscribe from this group, send email to > > >> [email protected]<theuniquegeek%2bunsubscr...@googlegroups.com> > >> .> For more options, visit this group at > > >>http://groups.google.com/group/theuniquegeek?hl=en. > > >> - Hide quoted text - > > >> - Show quoted text -- Hide quoted text - > > >> - Show quoted text - > > > -- > > You received this message because you are subscribed to the Google Groups > > "The Unique Geek" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group > > athttp://groups.google.com/group/theuniquegeek?hl=en.- Hide quoted text - > > - Show quoted text - -- You received this message because you are subscribed to the Google Groups "The Unique Geek" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/theuniquegeek?hl=en.
