Blogs

The Next Catastrophe

In Saturday’s SCADA listserver, the following note was provided: “We are not safe. Nor can we ever be fully safe, for nature, organizations, and terrorists promise that we will have disasters evermore.” So concludes this important and chilling book by Charles Perrow, professor emeritus of sociology at Yale University.

Substation equipment and cyber issues

Much has been written about what did, didn’t, or could have happened with the recent Florida blackout. Any potential terrorism issues would be physical and/or cyber. Physical terrorism is generally visible and can be ruled in or out fairly quickly.

When everybody is in charge, nobody is in charge

This week’s Florida power outage and resultant shutdown of the two Turkey Point nuclear plants raises a very important issue that the government needs to address. Firstly, the protection systems at Turkey Point appeared to work as designed to protect the units from an outside disturbance (this was not a...

IT Security Still Does Not Get It!

I’m frankly tired of people telling me there is no difference between IT enterprise security and plant level IT security. They can blow on and on about that for all they want, but they can’t prove it. I CAN prove my assertion. Here’s more proof.

Process Control Safety System Hack

One of the highlights of the Applied Control Solutions August Control System Cyber Security Conference will be a demonstration of a cyber attack on a typical process control safety system. The attack will traverse a firewall faulting both a typical controller and safety system without an indication at the operator...

Some observations on the differences between enterprise and SCADA security

I posted this earlier on the new SCADASEC listserv and I thought it deserved a wider audience.... If what you are doing is SCADA security, instead of IT Enterprise security, I would like to offer two observations. The first is that SCADA security has a somewhat different purpose than enterprise security.

Why domain expertise isn’t important in cybersecurity—not.

I had a meeting with a vendor who is not a control system vendor but is working on control system security. Last year they participated in a webinar when the question was asked what control system cyber events have occurred.

Are you a black hat or a white hat – ACS’ conference timing gives you a choice

date is set for August 4-7 at the Marriott Burr Ridge Conference Center near Chicago. Since 2004, the Control System Cyber Security Workshop has been held in early August. The reason for the date was to avoid IEEE, ISA, PCSF, DCS and SCADA User group meetings which generally are...

More on the CIA announcement and culture issues

As noted in a previous blog, I was assured the CIA announcement on the overseas control system cyber attacks was indeed real. The announcement spawned an immense amount of smoke and/or fire - real or fear mongering - as there were essentially no details provided.

The dichotomy between HMI and field devices

Last week at Distributech in Tampa it was interesting to see the dichotomy between many of the HMI suppliers (SCADA) and field device suppliers (PLCs, RTUs, IEDs, smart transmitters and drives, etc.). SCADA and DCS vendors have recognized the need for securing the Windows or Linux-based HMI.