Blogs

About that CIA disclosure…

I posted this earlier today on the A-List at www.control.com in response to a question about the veracity of the CIA report at SANS: Joe Weiss (www.controlglobal.com/unfettered) and I believe the CIA report to be credible. Why we believe that is not for this public forum. Sorry to be mysterious.

Signals from Distributech, and Joe believes the CIA

News from Tampa

ISA Selects Wurldtech As Service Provider For New Industrial Cyber Security Tool

From the press release:

What, exactly, does the CIA know?

 has a very interesting and provocative discussion about the CIA disclosure at SANS last week. This is the second time SANS has made an unverifiable disclosure on control system cyber extortion. SANS needs to provide more detailed information not only to validate its authenticity but to provide enough information for i...

FERC plays Solomon with the NERC CIPs

The NERC critical infrastructure protection (CIP) reliability standards to protect the nation's bulk power system against potential cyber security impacts have drawn passionate partisans: those who believe they are sufficient (NERC and the utilities) and those who believe they are not adequate (Congress, control system experts, cyber security experts, etc.).

Control systems are isolated, not…

How isolated are control system networks? Many hold the view that corporate firewalls and DMZs provide adequate screening and protection to minimize "hits" on control system networks. Consequently, there is an expectation that control system firewalls (if they even exist) will see very little traffic.

Can you hack the grid from your home thermostat??

In California, we have 236 pages of state-mandated standards for building energy efficiency, known as Title 24. The proposed revisions to Title 24 include the requirement for a "programmable communicating thermostat" (PCT). Every new home and every change to existing homes' central heating and air conditioning systems will be...

And just how real is the cyber threat?

Last Friday, I met with an electric utility with combined cycle power plants. I mentioned the potential vulnerability of the electronic (cyber) link from the combustion turbine vendor to the utility. On Monday, I got the following e-mail: "Saturday after remotely tuning the unit, the combustion turbine vendor gave...

Here is where the difference lies…

. Here's what the blurb said: "Symantec™ Endpoint Protection: A unified, proactive approach to endpoint security Organizations today face a threat landscape that involves stealthy, targeted, and financially motivated attacks that exploit vulnerabilities in endpoint de...

What does it take for people to understand CONTROL SYSTEM cyber security?

I received the following message from Ron Southworth on my blog on nuclear power. "… The "Need to Know" ethos is very much part of the culture and understandingly so. Still, as you say there are common frames of reference within control systems regardless of the process that can benefit...