Just because you've changed your Facebook and Dropbox passwords (you have, haven't you?) doesn't mean you can forget about Heartbleed. According to the Christian Science Monitor's Saturday edition, "Unconfirmed reports that Heartbleed has already been used to attack encrypted communications systems of US industrial control systems are being investigated, the...
On October 12, 2011, I gave an invited presentation on cyber security of industrial control systems to a graduate electrical engineering colloquium at Stanford - http://www.youtube.com/watch?v=S3Yyv53dZ5A.
There are starting to be more discussions about the need for integration between Information Technology (IT) and Operations Technology (OT) to secure ICSs. From my experience, I have found very few effective OT managers. I believe an effective OT manager must be very familiar with ICSs and their constraints and...
The issue of critical infrastructure protection, or control system cyber security, is getting to be more popular with the mainstream IT community as demonstrated by the number of presentations at Black Hat. The issue is really separating the real issues from the hype.
There have been numerous articles, white papers, and webinars on securing industrial control systems (ICSs). Almost all have focused on securing the IP networks. This is certainly part of the solution, but NOT the entire solution.
The final agenda can be found at www.realtimeacs.com There are several unique hallmarks of the conference:
If you ask users of industrial control system if they meet their design and performance requirements, I think you will find the answer is a resounding yes. However, if you ask security personnel if they are secure, you will probably get a resounding no. What needs to be understood is...
I had discussions with a utility IT cyber security representative at the June 1 San Francisco Electronic Crimes Task Force Quarterly Conference. The nub of the discord was the dissonance between myself worrying about “keeping lights on” at all costs and his focus of maintaining security at all costs.
Because of travel commitments, I have not been actively blogging. Yesterday nite, I gave a presentation at the IEEE Industry Applications Society in Concord, CA. Today, I am flying to Albuquerque to give an invited presentation to an Air Force Cyber Security and Surety meeting.
I have been asked to present a paper at the 2010World Congress in Computer Science, Computer Engineering, and Applied Computing (WorldComp 2010). Our session is on cyber security education. My paper will be on the need for interdisciplinary programs for ICS Cyber Security within the Computer Science and Engineering departments.