First Standards Based Comprehensive Cyber Security Suite Released

From the MU Security press releases--- MU SECURITY LAUNCHES NEW INDUSTRIAL CONTROL CERTIFICATION AND AUTHORIZED PARTNER PROGRAM "MUSIC" Certification Provides Open Migration Path to Government and Industry Emerging Standards; Honeywell leverages MUSIC Mu Security, a pioneer in the security analyzer market, today announced new Mu Security Industrial Control (MUSIC) certification...


The Federal Energy Regulatory Commission (FERC) Notice of Public Rulemaking (NOPR) has been issued for public comment and it should not come as a surprise. In December, the FERC Technical Staff issued their Technical Assessment of the North American Electric Reliability Council (NERC) Critical Infratsrcture Protection (CIP) cyber security standards.

Who's in charge, here?

Ever since the AP article reporting on Ganesh Devarajan from TippingPoint (a 3-com company) and his presentation at the Devcon hackers' conference last week, there has been a very interesting thread on the SCADA list. Fundamentally, however, most people on the list are saying that the problem is that reporters...

ACS Cybersecurity Conference pulls powerful speakers together

Control Magazine has been working very hard with Joe Weiss on this conference and we're really pleased to share the agenda with you. It is a real powerhouse conference. You can still come and be a part of it. Register at Agenda for the ACS CyberSecurity Conference

Hijinks from Defcon..."we will scary you!"

reports on the SCADA list: Researcher: Flaw exposes hack threat Staff and agencies 04 August, 2007 By JORDAN ROBERTSON, AP Technology Writer LAS VEGAS - Terrorists and other criminals could exploit a newly discovered software flaw to hijack massive computer systems used to control critical infrastructure like oi...

Homeland Security pronounces on control system security

The US Department of Homeland Security released its Catalog of Control Systems Requirements (Draft) July 2007  today. It is interesting reading. According to several commentators, it contains warnings about spam and social media-- things not entirely commonly associated with control syst...

What's this? A bogus security survey?

Jake Brodsky noticed this on the Industrial Defender website:

SP99-- who are those guys?

Ken Anderson will be speaking on security issues with Wireless applications. I don't know what happened, but this was supposed to be given by Bryan Singer... Anderson works for an oilsands company. What I want to talk about is where SP99 is, and what we're doing there.

More SOX trouble for utilities?

Thanks to Bob Landman of HL Instruments for posting about this on the SCADA list: July 12, VNUNet "” Utility firms sitting on hacking time bomb. Utility companies could be facing a hacking time bomb owing to poor security measures. As more utilitie...

Joe Weiss reports on NERC CIP and Electric Utility Safety

How Secure are the Electric Utilities if They Implement the NERC CIP Standards? The NERC CIP standards were developed in a consensus fashion with representation from the smallest to the largest utility organizations. In order to obtain consensus, the NERC CIP standards are ambiguous and at best provide a "minimum bar".