I had the opportunity to attend and participate in the St. Mary’s University Cyberterrorism Law Conference in San Antonio Wednesday and Thursday. There were several interesting observations: - Since the focus was cyberterrorism, the conference was heavily tilted the government and DOD.
From Bryan Singer at Wurldtech: Wurldtech is launching an applied research project which I think would appeal to folks like yourself. The planned undertaking is the largest study of its kind, examining the cyber security threats and vulnerabilities present in currently deployed control systems. By leveraging the Achilles platform...
I am at a cyberterrorism and law conference in San Antonio.
It has become clear to me there is a difference between how IT and Operations approach security. The IT security organization is very focused on security, sometimes to an extreme. The Operations organizations generally pay lip service.
: Most IT professionals are pretty confident that we know what applications and operating systems are running on our desktops and servers. So when a vendor like Adobe releases an announcement of some new critical vulnerability (
In Saturday’s SCADAlistserver, the following note was provided: “We are not safe. Nor can we ever be fully safe, for nature, organizations, and terrorists promise that we will have disasters evermore." So concludes this important and chilling book by Charles Perrow, professor emeritus of -sociology at Yale University.
Substation equipment and cyber issues Much has been written about what did, didn’t, or could have happened with the recent Florida blackout. Any potential terrorism issues would be physical and/or cyber. Physical terrorism is generally visible and can be ruled in or out fairly quickly.
This week’s Florida power outage and resultant shutdown of the two Turkey Point nuclear plants raises a very important issue that the government needs to address. Firstly, the protection systems at Turkey Point appeared to work as designed to protect the units from an outside disturbance (this was not a...
I’m frankly tired of people telling me there is no difference between IT enterprise security and plant level IT security. They can blow on and on about that for all they want, but they can’t prove it. I CAN prove my assertion. Here’s more proof.
One of the highlights of the Applied Control Solutions August Control System Cyber Security Conference will be a demonstration of a cyber attack on a typical process control safety system. The attack will traverse a firewall faulting both a typical controller and safety system without an indication at the operator...