Blogs

AURORA and Its Effectives on Cybersecurity: Too Early to Pass Final Judgment

Since the original AURORA test bed at Idaho Labs in 2007 much has been said about the merits of the test conducted and many conjectures concerning its validity have been made.  It is important to remember that AURORA is not an isolated case that exists outside the cybersecurity framework.  To...

IT Rules for Cybersecurity of control systems

How far should we go in adopting IT type rules for the management of cybersecurity on control systems. Will treating a control system as just another set of PCC's (from the IT perspective) cause more problems?

Malware Attack on RasGAs in the Middle East

Qatar-based liquefied natural gas (LNG) producer RasGas reported in early September that malware shut down part of its computer system. This was the latest cybersecurity attack in the Middle East region after the attack on the computer network of a state owned oil producer in Saudi Arabia.

Building the Next System Capable of Fending Off the Next Stuxnet Attack on Industrial Control Systems

Russian antivirus firm Kaspersky Lab seeks a developer and analyst to create an operating system that could dissuade the next Stuxnet attack on industrial control systems. Currently, Kaspersky Lab wants to hire professionals with experience in programming PCS and Supervisory Control And Data Acquisition (SCADA) systems, implementing industrial networking and...

The Illinois Water Hack Is a Test of the System for Disclosure – Is It Broken?

My blog on the Illinois water hack was directly based on a formal disclosure announcement by the Illinois State Terrorism and Intelligence Center - STIC (Note: My blog did not identify the state involved. That disclosure came from DHS).

Is the WaterISAC Helping the Water Industry? – The Illinois Water Hack Raises Serious Questions

Per the WaterISAC portal, the WaterISAC (Information Sharing and Analysis Center) is a community of water sector professionals who share a common purpose: to protect public health and the environment. The WaterISAC provides email notifications about threats and any incidents demanding immediate attention.

Water System Hack - The System Is Broken

Last week, a disclosure was made about a public water district SCADA system hack. There are a number of very important issues in this disclosure:

ACS 2011 Conference Summary - September 21

The final agenda can be found at www.realtimeacs.com There are several unique hallmarks of the conference:

Control system cybersecurity

Is there really a lack of information about control system cybersecurity? Would you be willing to pay for outside help to address your cybersecurity issues? Would some sort of certification mechanism make you more willing hire this kind of expertise?

Cyber Threat to Control Systems: Are Companies Expecting Too Much Info?

The industry uses the general term "threat information," but during more detailed discussions, it seems that the information companies seek is more like the traditional military concept of "tactical information."