What We Have Here Is a Failure to Communicate

Nancy Bartels of Control magazine and hijacking Joe's blog here. This story would be funny if it wasn't so scary. Wired magazine has broken the real story (or the latest iteration of the real story). The link is here. So it wasn't evil hackers from Russia after all.

The Illinois Water Hack Is a Test of the System for Disclosure – Is It Broken?

My blog on the Illinois water hack was directly based on a formal disclosure announcement by the Illinois State Terrorism and Intelligence Center - STIC (Note: My blog did not identify the state involved. That disclosure came from DHS).

Is the WaterISAC Helping the Water Industry? – The Illinois Water Hack Raises Serious Questions

Per the WaterISAC portal, the WaterISAC (Information Sharing and Analysis Center) is a community of water sector professionals who share a common purpose: to protect public health and the environment. The WaterISAC provides email notifications about threats and any incidents demanding immediate attention.

Water System Hack - The System Is Broken

Last week, a disclosure was made about a public water district SCADA system hack. There are a number of very important issues in this disclosure:

Cyber Threats Can Affect Green Power Too

Posted by Joe Weiss:

Cyber Threat to Control Systems: Are Companies Expecting Too Much Info?

The industry uses the general term "threat information," but during more detailed discussions, it seems that the information companies seek is more like the traditional military concept of "tactical information."

Users get the security they're willing to pay for...and not any more. #pauto #cybersecurity #opsmanage #NERC

A lot of this will be in my December Editorial:

So what should we do about security? #pauto #cybersecurity

OK, faced with the Siemens vulnerability, which could have been anybody else's vulnerability just as easily, what should we do?

WIB releases vendor guidelines for functional security in the process industries #pauto

Auke Huistra, Project manager Cybercrime Information Exchange NICC, posted this on the SCADASEC mailing list:

Rockwell Micrologix security vulnerability disclosed--Rockwell works to fix the issue

The following was posted, among other places, on the SCADASEC listserv. Eyal Udassin, a well-known and well-respected security researcher with significant experience with control system functional security, has discovered a vulnerability in some of Rockwell's products, and he and Rockwell have moved quickly to fix the vulnerability.