The following is a partial collection of the technical articles and magazine columns the BSI team has written on the subject of SCADA and control system security over the last nine years.  We hope you find these useful and welcome your comments.

Maroon_Bar.JPG

E.J. Byres; "Wolves at the Security House Door(s) , Part 2." CONTROL Magazine. January 2008

The average corporate desktop is far more secure than the average PLC, yet the PLC is the asset that is far more valuable to company. [Read More]

Maroon_Bar.JPG

E.J. Byres; "Wolves at the Door(s) of the House of Straw." CONTROL Magazine. December 2007

We will probably never know how the Slammer worm made it into this facility, but the fact is that once the worm was on the inside, it found a very soft target and really could begin to do its worst...[Read More]

Maroon_Bar.JPG

E.J. Byres, Jim Bauhs, and Brian Mason; "Forget the Silos, Build the Bridge." In Tech Magazine, December 2007

Over the past 10 years, the industrial controls (IC) world has borrowed substantially from the world of information technologies (IT)...[Read More]

Maroon_Bar.JPG

E.J. Byres; "Making Cyber Security Work in the Refinery." InTech Magazine. October 2007.

Anyone reading InTech over the last five years will have seen many articles on the need to secure control systems from cyber attack.  Nearly all include descriptions of actual security incidents that will concern even the most hardened control specialist...[Read More]

Maroon_Bar.JPG

E.J. Byres and M Franz; “Uncovering Cyber Flaws” InTech Magazine, Instrumentation, Systems and Automation Society, Research Triangle Park, NC, p.21 -25 , Jan 2006

To ensure the safety and security of the process, company, and staff, find the vulnerabilities and break a negative chain of events...[Read More]

Maroon_Bar.JPG

E.J. Byres and J. Lowe; “Insidious threat to control systems”, InTech Magazine, Instrumentation, Systems and Automation Society, Research Triangle Park, NC, p. 76, January 2005
(Winner of the 2005 ISA Keith Otto Award)

The move to open standards is letting hackers take advantage of the control industry’s ignorance...   [Read More]
 
Maroon_Bar.JPG
 
D. Miller and E.J. Byres; “Why we need Security Audits”, InTech Magazine, Instrumentation, Systems and Automation Society, Research Triangle Park, NC, p. 76, March 2005
 
Corporations and PCN vendors are incapable of taking action to improve the security posture of the current or future process environments without specific solution requirements. Just saying "we need firewalls and encrypted SCADA protocols" is not enough. [Read More]
 
Maroon_Bar.JPG

E.J. Byres; "Cyber Security Risks for Critical Infrastructure", Innovations Magazine, Association of Professional Engineers and Geoscientists of British Columbia, Burnaby, BC, p. 17-19, September 2004

Without a great deal of thought about security, Canada and the world at large has shifted the control of critical processes in electricity, oil and gas production, water, manufacturing, and communications to networked computers. [Read More]

Maroon_Bar.JPG

J. Bauhs and E.J. Byres; “Who's the enemy? Don't look at IT”, InTech Magazine, Instrumentation, Systems and Automation Society, Research Triangle Park, NC, p. 76, April 2004

The IT community is a huge resource with knowledge on what works and doesn't work when it comes to security. The controls community needs to harness that knowledge and technology.  [Read More]

Maroon_Bar.JPG 

E.J. Byres; “The IT Department – Friend or Foe?”, Industrial Networking, Putman Publishing, Chicago, Vol. 2, No. 4, p. 11, Fall 2003 
 
One of the complaints I often hear from control engineers is that they must deal with an information technology (IT) department that doesn't understand the reality of the plant floor.    [Read More]
 
Maroon_Bar.JPG

E.J. Byres, R. Derynck and N. Sheble; “Cyber Security: SP99 Counterattacks”, InTech Magazine, Instrumentation Systems and Automation Society, Research Triangle Park, NC, p. 50 – 52, October 2003

Understanding how the new ISA SP-99 Standard is taking a more precise look at the security requirements for control systems in its technical reports.  [Read More]

Maroon_Bar.JPG

E.J. Byres; “Securing Wireless Ethernet on the Plant FloorIndustrial Networking, Putman Publishing, Chicago, Vol. 3, No. 1, p. 11, Winter 2004

Over the past year (2003) I've written about the serious security risks in using IEEE 802.11—a k a Wireless Ethernet or Wi-Fi—on the plant floor. With all my ranting, you’d think I was against using wireless networks in process control, but I actually like and use Wi-Fi a lot. It is simply too useful to be dismissed...  [Read More]

Maroon_Bar.JPG

E.J. Byres; “Wireless Ethernet’s Black Eye”, Industrial Networking, Putman Publishing, Chicago, Vol. 2, No. 3, p. 13, Summer 2003

In this column, we will look at what went so terribly wrong to give wireless technology a black eye in the security world   [Read More]

Maroon_Bar.JPG

E.J. Byres; “Wireless Securities Shaky Foundation”, Industrial Networking, Putman Publishing, Chicago, Vol. 2, No. 2, p. 13, Spring 2003

The wireless local area network offers too many benefits to be thrown on the technology trash heap, but it does have to be used with care...  [Read More]

Maroon_Bar.JPG
 
E. Byres, J. Carter, A. Elramly and D. Hoffman; “Cyber Security: Test Your System Five Ways”, InTech Magazine, Instrumentation Systems and Automation Society, Research Triangle Park, NC, p. 24 – 27, March 2003  [Read More]

Maroon_Bar.JPG
 
 E.J. Byres and D. Hoffman; “IT Security and the Plant Floor”, InTech Magazine, Instrumentation Systems and Automation Society, Research Triangle Park, NC, p. 76, December 2002 [Read More]

 Maroon_Bar.JPG
 
E.J. Byres and G. Gillespie; “Plan for Security”, Industrial Networking, Putman Publishing, Chicago, Vol.1, No.4, p. 24-27, Fall 2003
 
There are numerous network security technologies, methodologies, and policies that have been developed to secure the business system. Industry needs to learn how to use them   [Read More]
 
Maroon_Bar.JPG
 
E.J. Byres; “The Myth of Obscurity”, InTech Magazine, Instrumentation Systems and Automation Society, Research Triangle Park, NC, p. 76, September 2002

Ever since the tragic events of September 2001, the process control industry has been trying to understand the risks we face from possible attacks on our chemical plants, water systems, and energy infrastructures.  Unfortunately, too many people believe that process control systems are so obscure and complex no one could hack them – nothing could be further from the truth.  [Read More]

Maroon_Bar.JPG

E.J. Byres; "Can't Happen at Your Site? Network Security on the Plant Floor", InTech Magazine, Instrumentation Systems and Automation Society, Research Triangle Park, NC, p. 20 – 22, February 2002  

The serious impact that hacking and viruses have had on corporate information technology (IT) systems is well known. Less understood is the potential damage hackers can do to industrial control equipment such as programmable logic controllers (PLC) and human-machine interfaces (HMIs). This article outlines a multi-stage procedure to protect the plant floor from cyber attacks... [Read More]

Maroon_Bar.JPG

E.J. Byres; “Network Secures Process Control”, InTech Magazine, Instrumentation Systems and Automation Society, Research Triangle Park, NC, October 1998
 
 Any early article on the use of VLANS to secure control systems... [Read More]
 
Maroon_Bar.JPG

Byres Security Inc.
P.O. Box 178
Lantzville BC V0R 2H0

Phone: 250-390-1333
Fax: 250-390-3899
Email: info@ByresSecurity.com