Wurldtech In The News

Since the Stuxnet Worm Hit, Vendors and End Users Alike Are Thinking and Talking About Their Security Policies

December 08, 2010

 It's been a tumultuous last few months for industrial control system security.  Since July 15, when word of the Stuxnet worm hit, vendors and end users alike have been thinking and talking about their security policies.  At the Invensys Operations Management user conference in October, an "all-star" panel discussed cybersecurity.  Members included Ernie Rakaczky of Invensys, Tyler Williams of Wurldtech, Marty Edwards of Idaho National Laboratory, Tim Roxey, CTO of NIST, Peter Kwasion of Shell, and Charles Ross of McAfee Security.

The panel had very few comforting words for end users, who want their vendors to take care of all these nasty little security problems.  The theme was, if you want that, tough noogies.

Rakaczky said, in his view, users need to take up to 65% of the responsibility for securing their systems, while vendors should be responsible for 15% and 20% should be "co-shared."

Those numbers are probably right, assuming the vendor is doing all it can to ensure that its control system hardware, firmware and software is as secure as it can make it, said Williams, whose company, Wurldtech, makes the Achilles testing suite.

Malware is growing by 800% year over year, and 2010 surpassed all of 2009 by April, said Ross.  Malware is a big business, and highly trained professionals are producing it.  Stuxnet, for example, is what Ross called "the first advanced persistent threat (APT) to control systems.  It isn't hard to imagine the payload of Stuxnet being modified for products other than those of Siemens. 

Read the full story.