Blogs

Adding domain expertise...

Apropos of the ongoing discussion on the SCADA list about the need to have domain expertise when you are working in cybersecurity, here's a press release from MU Security... Mu Security Grows Advisory Board Expertise in Critical Infrastructure and Enterprise Security Architectures   Addition of Byres Security CTO Eric Byres...

More security fun...

A former employee of a small California canal system has been charged with installing unauthorized software and damaging the computer used to divert water from the Sacramento River.Michael Keehn, 61, former electrical supervisor at the Tehama Colusa Canal Authority (TCAA) in Willows, Calif., faces 10 years in prison on charges...

Cybersecurity disclosures-- the game everybody can play

Joe Weiss posted an extremely thought-provoking blog entry this morning on Unfettered. He questions the hacker/cracker cultural meme of disclosing cybersecurity vulnerabilities for the sheer pleasure of doing it. I think Joe's on to something here. We have a serious problem in cybersecurity in control systems...we don't have en...

Control's Joe Weiss testifies before Congress

 Weiss says. In direct, honest and riveting testimony before the House Committee on Homeland Security, Control's "other blogger" Joe Weiss yesterday hammered NERC, FERC and called NERC's attitude toward cybersecurity "alarming at best and negligent at worst," while he recommended that ISA be given responsi...

ISCI jumps in with first product: distributes CS2SAT for DHS

From the release: ISA FINALIZING DISTRIBUTION AGREEMENT FOR CRITICAL INFRASTRUCTURE CYBER SECURITY TOOL   Houston, Texas (2 October 2007) - ISA announced today that it is nearing completion of a non-exclusive licensing agreement to distribute and market the Control Systems Cyber Security Self Assessment Tool (CS2SAT) through the ISA Security...

The Surfers do their homework: Tofino MUSIC certified

Announced yesterday by Eric Byres of Byres Security and Ian Verhappen, of MTL, in a joint press release, the Tofino Industrial Security Suite today is reported to be MUSIC certified by MU Security. From the release: TOFINO SECURITY SYSTEM GAINS MU SECURITY INDUSTRIAL CONTROL CERTIFICATION   First Byres Security and...

Siemens joins ISCI security compliance institute

Siemens added to the parade of large vendors willing to ante up a fair chunk of dollars to help found the ISA Security Compliance Institute, the third party standards compliance project originally conceived by Johann Nye of ExxonMobil.

Important News Amid the Spam

First job on Monday morning is cleaning all the weekend spam out of the mailbox. Amid all this weekend's offers to improve my love life, lend me money and help me make even more in real estate is the following notice.

Scary Stuff

The following showed up in my email box yesterday courtesy of Industrial Defender. It may be a worst-case scenario kind of thing, and cynical me always wonders about who benefits when such scary stories are released on the public that little understands exactly what the implications of such a hacker...

NIST puts new cyber security standard up for comment

From Keith Stouffer at NIST: NIST is pleased to announce that the second public draft of Special Publication 800-82, Guideline to Industrial Control Systems (ICS) Security, is available for public comment. NIST SP 800-82 provides guidance on how to secure ICS, including supervisory control and data acquisition (SCADA) systems, distributed...