Blogs

What does it take for people to understand CONTROL SYSTEM cyber security?

I received the following message from Ron Southworth on my blog on nuclear power. ""¦ The "Need to Know" ethos is very much part of the culture and understandingly so. Still, as you say there are common frames of reference within control systems regardless of the process that can benefit...

Nuclear plant cyber security - they still don't get it

There is still an "us" (nuclear) vs "them" (non-nuclear) approach being taken by the nuclear industry with respect to working with the non-nuclear community on control system cyber security. Specifically, the December issue of Nuclear News references a nuclear plant instrumentation and control system meeting specifically on cyber security that...

Pushing against Jello…

Even experts don't understand"¦or we haven't done a very good job of making the issues known and understandable I had the opportunity for formal and informal meetings yesterday with some very influential and knowledgeable people in Washington.

Demonstration Process Control Network– A Vision

Following the August Applied Control Solutions Workshop in Knoxville, several utilities and vendors got together to discuss the idea of an "open test bed" for security that would also utilize DOE lab expertise. The concept of an "open test bed" means that all non-proprietary information from the testing would be...

Why we need a holistic approach to control system cyber security

The old security adage is that you are only as secure as the weakest link in the chain. ABB, the leading international power and automation technology group, announced that twelve of its utility partners have formed a consortium spanning two continents to privately fund advanced research and testing into securing...

Listen up, CEOs! Cybersecurity isn’t just on the plant floor…

Walt has just posted a link to a report written by Paul Twomey, among others. He's the head of ICANN. The report is about cybersecurity and the recent attacks on Rolls Royce and Royal Dutch Shell....

Rah, rah, FERC!

Regarding the FERC Letter on Aurora and industry misstatements

FERC Letter on Aurora and industry misstatements

The recent FERC letter to collect Aurora information has spawned some interesting reading. My comments are in red.

FERC climbs on the cybersecurity bandwagon…finally!

From the article: WASHINGTON (AP) - Federal energy regulators said Monday they have asked the White House to approve a rule that requires the electric industry to submit detailed reports about its progress in addressing potential cyber-security vulnerabilities. I...

From SANS Bites…

The following is from SANS Bites 12.11.2007 with my comments boldfaced :  [Editor's Note (Paller): This is a stunning development. NERC's cyber security standards were coming to be seen as almost totally ineffective (That statement is wrong- the industry has been fighting tooth and nail to justify and keep the...