Fun and Games with Security

The kids are all right. They're getting down and dirty with the realities of cybersecurity down in San Antonio. See the news release below. It looks like the focus of this competition is standard, enterprise level security (not that there's anything wrong with that).

Lightbulbs Slowing Going on over Control System “Cyber Incidents”

I had a meeting Wednesday morning with an IEEE standards committee on cyber security of substation devices. Following that, Marshall Abrams from MITRE and I gave a presentation at RSA, which is billed as the world’s largest cyber security conference.

The Last Day: Joe Weiss Talks About Cyber-Deaths at Yokogawa Tech Fair

Cyber Does Affect Automation Devices Until 2000, my job was engineering agile and usable control systems. That meant vulnerable control systems,” said Joe Weiss, principal of Applied Control Solutions and founder of the Real-Time Cyber Security Conference. “Security and performance are generally in conflict.

Cyber Security Gets Serious

Well, it always was, of course, but now it seems we have the first fatalities related directly to a control system cyber failure. See the story from Wired here. Note that our own Joe Weiss is one of the key sources for the story. Nice to see a home boy making the big time.

Now It’s Official

The following report by Ryan Singel appeared at yesterday. April 09, 2008  On June 10, 1999, a 16-inch diameter steel pipeline operated by the now-defunct Olympic Pipeline Co. ruptured near Bellingham, Washington, flooding two local creeks with 237,000 gallons of gasoline.

Live from Yokogawa Tech Fair: To Fix System Bugs, Wurldtech Gets Fuzzy Wid It

Anything Can Be Hacked. The list of people who enjoy finding bugs more than Dr. Nate Kube isn’t very long. His company’s customers might be at the top of that short list. “When vendors or manufacturers use our stuff to find bugs, they’re just bugs,” explained the co-founder and CTO...

Live from Yokogawa: Cybersecurity for the Process Industries

Cyber security for the Process Industries

What’s Missing?

I have been involved in hosting a conference on control system cybersecurity for seven years. It has always been held with a focus on and with the perspective of a control systems engineer. Several events have “opened my eyes” to what seems to be missing: * Design issues.

Why Aren’t Solutions Addressing Problems?

I read about, or attend, government programs, industry programs, and industry conferences that purport to have solutions for “SCADA security”. All I can do is shrug my shoulders.  There are several fundamental issues that have not yet been addressed: - There is still a dreadful lack of understanding about legacy...

Nuclear plant cyber security has a ways to go

As a nuclear engineer who has worked inside and outside of the nuclear industry, I have my thoughts on why nuclear plants are so far behind non-nuclear facilities in securing control systems. I spent 5 years managing the EPRI Nuclear Plant Instrumentation and Diagnostics Program.