In last week's blog, Professor Paul Dorey recently presented a paper about the seven important lessons the IT world has learned in managing Advanced Persistent Threats (APTs). In this article, I will discuss lessons #2, #3 and #4, and how to apply these lessons to ICS and SCADA security.

Recently a very complex worm called Flame has been discovered attacking companies in the Middle East, and it is an excellent example of what security experts call an Advanced Persistent Threat (APT). Figuring out how to defend against APTs is a major focus in the IT security world.

The discovery of the Flame malware last week focused the cyber security world on the sophisticated strikes targeting energy companies in the Middle East. Although Flame's goal was espionage rather than damaging operations as Stuxnet did, it has been seen as one more indication that the industrial world is now in the bull's eye of clever attackers.

Last week I was in the Middle East, speaking at a very interesting security conference attended by management from the region's major energy companies. Today's blog was going to cover what I learned at this event, but that will have to wait. Instead, in an interesting coincidence, a new super worm called Flame (or sKyWIper), has been discovered targeting sites in the Middle East. So today I will explore what impacts (if any) this new worm will have on SCADA or ICS security.

In 2010, the whole industrial automation world was stirred by the sudden appearance of the now infamous Stuxnet malware. In 2011 there were more publicly disclosed vulnerabilities than in the previous decade, with attack code readily available for more than a third of them. The need for improved cyber security for industrial networks has never been more apparent. Besides this targeted need, however, there is another reason why cyber security technology like Tofino is needed. That reason is the broader need for reliable networks that are used in mission-critical applications.