Blogs

Is there a SCADA link in the Terry Childs incident in San Francisco?

San Francisco and SCADA Jake Brodsky brought up the following, "Do management and law enforcement types have any clue as to how one might regain control of a SCADA system after a rogue employee has secured everyone out of it?" I had planned on saying something at the Conference next...

Plant IT really IS different

IT and Operations Differences I received an e-mail this morning from a Conference attendee wanting to know if I would give Continuing Professional Education (CPE) credits for the CISSP certification. I didn’t have an answer so I called the organization responsible for CISSP accreditation – the International Information Systems Security...

A word for the next administration…

Recommendation for next administration I have mentioned the Blue Ribbon Committee drafting recommendations for the next president on cyber security. I have been asked to draft a paper for the Committee on what the next administration should think about when it comes to industrial control systems. The paper will address...

It’s all thanks to Congress…progress, that is!

Congressional support – it has been necessary and fantastic   The NERC CIP process had been an exercise in futility for actually securing the grid. Through the efforts of Jake Olcott from the House Homeland Security staff and Congressman James Langevin and his House Homeland Security Committee, we have finally...

Why is there so much confusion?

Over the past two weeks as I have been preparing for the August Conference, I had conversations with a number of electric and water industry personnel.  The discussions spanned the gamut from complete denial to – yes we did have problems but did not consider them cyber.

Joe Sets the Agenda– a litany of cyber issues but are we making progress?

A litany of control system cyber issues – Are we making progress?

Severity Ratings…You must consider the context!

What do severity ratings REALLY mean? I read a blog on Digital Bond’s Bandolier project (www.digitalbond.com,

Control System Cyber Security and Auditors

Control System Cyber Security and Auditors

Electric Power 2008– is NERC CIP compliance a game?

I just returned from participating on a panel session at Electric Power 2008 in Baltimore. Electric Power 2008 is focused on electric power generation (not transmission and distribution). Consequently, it was fascinating to hear what the generation attendees felt about security and the NERC CIPs as well as to see...

Control sponsors 2008 ACS Cybersecurity Conference

Cyber Security Conference Focusing on Potential Causes, Prevention of Recent Power Blackouts and Plant Shutdowns (Trips) August 4-7, 2008 – Burr Ridge, IL   Applied Control Solutions, LLC announces the eighth in a series of conferences focused on cyber vulnerabilities of industrial control systems, August 4-7, 2008, in the southwest...