Testing has demonstrated that the Siemens-Division Industry Automation platforms are compatible with the McAfee Application Control product, which uses a dynamic trust model to automate the whitelisting process, the companies announced.
Siemens was the company that supplied the industrial control platform used at the Iranian nuclear fuel enrichment plant at Natanz that was disabled by the Stuxnet worm.
David Hatchell, manager of energy and utilities at McAfee, told Infosecurity that the McAfee Application Control product “would have protected against propagation of the malware onto the [Iranian nuclear plant’s] process control system network by not allowing the code to execute. This would have meant protection against the zero-day exploits contained in this malware and the subsequent spread to the PLC [programmable logic controller] devices operating the plant.”
Commenting on the partnership with McAfee, Tino Hildebrand, head of marketing and promotion Simatic HMI at the Siemens-Division Industry Automation, said: “At the start of a project you have to design security into the solution, you have to raise awareness of all people responsible for the project and later operating the site. In addition, you have to take care of standard operation procedures to cover all relevant aspects. The security architecture has to be built with several layers of defense. McAfee Application Control for Siemens-Division Industry Automation is the cornerstone of this security concept.”