Severity Ratings…You must consider the context!

What do severity ratings REALLY mean? I read a blog on Digital Bond’s Bandolier project (,

Live from Yokogawa: Cybersecurity for the Process Industries

Cyber security for the Process Industries

About how risk management works…and doesn’t work

ISA SP99 is working on the Part II standard. The current discussion is on risk. I am including my response looking for discussion on this subject. My premise is that traditional risk methodology (frequency * consequence) does not apply to control system cyber security.

ISA Selects Wurldtech As Service Provider For New Industrial Cyber Security Tool

From the press release:

Control systems are isolated, not…

How isolated are control system networks? There is a prevailing view by many that corporate firewalls and DMZ's provide adequate screening and protection to minimize "hits" on control system networks. Consequently, there is an expectation that control system firewalls (if they even exist) will see very little traffic.

IT versus Control Systems…a word from a “recovering IT person”

Over on SoundOFF! Walt's posted a thought provoking piece by Wurldtech's Bryan Singer, who is also chair of SP99. Singer, who started out as an IT person, has made his bones in automation, and talks about why he agrees with Walt that process security is different. ...

Control systems ARE different

Control systems are different Control systems control the industrial infrastructure. Control system engineers are system engineers. Consequently they are conversant in control theory, electrical engineering, mechanical engineering, chemistry, physics, computer programming, and for nuclear plants, nuclear engineering.

Get your answers here…

Some Congresspeople have been asking questions-- intelligent, insightful questions, that indicate that the policymakers are really going to understand and take a role in cybersecurity: Question from the Honorable Michael T. McCaul: 1. What are the principal differences between the ISA 99 standards and the NIST best practices found in Special...