Since the original AURORA test bed at Idaho Labs in 2007 much has been said about the merits of the test conducted and many conjectures concerning its validity have been made. It is important to remember that AURORA is not an isolated case that exists outside the cybersecurity framework. To...
How far should we go in adopting IT type rules for the management of cybersecurity on control systems. Will treating a control system as just another set of PCC's (from the IT perspective) cause more problems?
Qatar-based liquefied natural gas (LNG) producer RasGas reported in early September that malware shut down part of its computer system. This was the latest cybersecurity attack in the Middle East region after the attack on the computer network of a state owned oil producer in Saudi Arabia.
Russian antivirus firm Kaspersky Lab seeks a developer and analyst to create an operating system that could dissuade the next Stuxnet attack on industrial control systems. Currently, Kaspersky Lab wants to hire professionals with experience in programming PCS and Supervisory Control And Data Acquisition (SCADA) systems, implementing industrial networking and...
My blog on the Illinois water hack was directly based on a formal disclosure announcement by the Illinois State Terrorism and Intelligence Center - STIC (Note: My blog did not identify the state involved. That disclosure came from DHS).
Per the WaterISAC portal, the WaterISAC (Information Sharing and Analysis Center) is a community of water sector professionals who share a common purpose: to protect public health and the environment. The WaterISAC provides email notifications about threats and any incidents demanding immediate attention.
Is there really a lack of information about control system cybersecurity? Would you be willing to pay for outside help to address your cybersecurity issues? Would some sort of certification mechanism make you more willing hire this kind of expertise?
The industry uses the general term "threat information," but during more detailed discussions, it seems that the information companies seek is more like the traditional military concept of "tactical information."