2011 December

December 2011

From Rome, to Rio de Janeiro, to Doha… Red Tiger Security is Actively Influencing Change in SCADA Security on a Global Scale

This latest whirlwind tour of the globe started a few weeks ago when we taught our latest revamped 5-day SCADA Security course in Rome, Italy. Over 120 hours of work was put into the complete revamp of the course that was started back in early 2009. New fresh SCADA lab operations were added to the course, including a virtualized Modbus simulator, and 3 new RTUs were thrown in the mix big of goodies for the students to attack. Daniel came out of the gate running with a complete revamp of the BackTrack modules all based on the latest BT5 build, and the feedback forms were full of compliments about how refreshing it was to attend a security course where all of the tools and attack exploits actually worked flawlessly out of the box and could be replicated later. We took away some nice tips for our continued refinement of the course, but overall it was a success. This takes our count up to 450 professionals that have gone through our training worldwide.

Next, our attention went south…very south… We were invited to work in a closed, invite-only, Industrial Control Systems Security workshop in Rio de Janeiro. With over 100 attendees, the event highlighted the fact that SCADA Security is a global concern, and South America is not lagging behind the pack. Our friends south of the border are very active in defining their own cyber security standards and looking to build a common resilient infrastructure.  These efforts are currently being led by the oil and gas sector, and they have a growing desire to harden their infrastructure.

Freshly baked by the Brazilian sun, I then jumped on a plane to hop continents again. This time heading east… to the middle east, to be exact. As I stand on top the roof of one of the many modern skyscrapers that crowd the corniche in Doha, I can watch the sun set over the country of Qatar. Although this country may be small in size, it is playing a leading role in defining Industrial Control Systems Security for the region. Our friends at ictQatar are in the progress of making their SCADA Security Standards for Qatar law, with mandatory enforcement coming in two years. Tomorrow starts a 3-day course for some of the oil companies in the region, and they are anxious to begin securing their infrastructure. Nobody wants to be the next Night Dragon or Stuxnet victim.

From these recent visits to Europe, South America, and the Middle East, I get a sense of community that stretches past geographical and political boundaries. Although we all speak different languages and use different currencies, the need to secure our critical infrastructure is the same. The SCADA Security movement is no longer a North America movement. It is a global issue, and we are happy to be able to play an important role in advancing this movement on a global scale.  One day we can look back and say that we have collectively moved the bar higher and helped create a more secure and resilient global infrastructure.


Leave a Reply