Blogs

FERC Letter on Aurora and industry misstatements

The recent FERC letter to collect Aurora information has spawned some interesting reading. My comments are in red.

Does SANS bite?

Sorry, I couldn't resist the pun. Joe Weiss posted on Unfettered this morning a clip from the blog, SANS Bites. In it he takes issue with the editor of SANS Bites' self-serving and industry-serving statements about how nobly the industry is trying to achieve cybersecurity nirvana. What rot.

From SANS Bites…

The following is from SANS Bites 12.11.2007 with my comments boldfaced: [Editor's Note (Paller): This is a stunning development. NERC's cyber security standards were coming to be seen as almost totally ineffective (That statement is wrong - the industry has been fighting tooth and nail to justify and keep the...

About security...a word from a "recovering IT person."

Last week I posted on the SCADA list a response to an IT person who took exception to my statement that IT people who try to do security in process control systems can even be dangerous. In part, I said: You are dead wrong about one thing, though.

NIST Frameworks vs NERC CIPs

The October 17 Congressional hearings generated a great deal of interest and also consternation, particularly by NERC, EEI, and the utilities. There is ample evidence that many utilities have not been making much progress in actually securing their control systems or responding to the recent ES ISAC Advisory on the...

Mr. Weiss Goes to Washington

As a follow-up to Joe Weiss' appearance before the congressional homeland security subcommittee yesterday, you might want to check out the live coverage. Scroll down the page and click on the "Live Link." It's just as good in pictures as in the written form.

More About Congressional Testimony

Live links -- including video -- to my testimony are available here....

Joe’s Testimony before Congress, blasts NERC for negligence

Joe Weiss testified before the House Committee on Homeland Security yesterday, about the state of cybersecurity preparedness in the power and energy industries. In his testimony, Joe blasted NERC as "alarming at best and negligent at worst," and recommended that ISA be given responsibility for developing new standards for cybersecurity...

Is the Edison Electric Institute in bed with NERC and FERC?

Here's a sanitized communication from EEI:

We’re in danger of missing the point of the INL demonstration…

This post is in response to the scores of responses to the CNN report and AP articles on the INL cyber destruction of the generator. It is very clear that from the blogs such as the SCADA ListServer, we have not just skeptics, but a complete lack of knowledge on the...