Blogs

Invensys adds NERC CIP compliance services to systems #PAuto

Here's another announcement from Invensys at their North America Client Conference:

Dilbert on industry standards

Protecting Our Assets-- November Special Issue

I announced a while back that we would be tearing up the editorial calendar and making the November issue a special issue with a single theme: critical infrastructure protection.

So where in cyberspace is the nuclear power community?

Where is the nuclear power community? It has been a year since Congressmen Bennie Thompson and James Langevin sent a letter to Chairman Klein of the NRC with a series of questions related to the Browns Ferry 3 Nuclear Plant Broadcast Storm incident.

Why Aren’t Solutions Addressing Problems?

I read about, or attend, government programs, industry programs, and industry conferences that purport to have solutions for “SCADA security”. All I can do is shrug my shoulders.  There are several fundamental issues that have not yet been addressed: - There is still a dreadful lack of understanding about legacy...

Nuclear plant cyber security has a ways to go

As a nuclear engineer who has worked inside and outside of the nuclear industry, I have my thoughts on why nuclear plants are so far behind non-nuclear facilities in securing control systems. I spent 5 years managing the EPRI Nuclear Plant Instrumentation and Diagnostics Program.

A complete, and still generic, response to Mark

Since Mark has brought up the issue, I think it is time for a complete response. It may ruffle some feathers. When I first got involved in cyber security at EPRI in February 2000, we had to make a decision as to what should be the scope of the program.

What, exactly does the CIA know?

 has a very interesting and provocative discussion about the CIA disclosure at SANS last week. This is the second time SANS has made an unverifiable disclosure on control system cyber extortion. SANS needs to provide more detailed information not only to validate its authenticity but to provide enough information for i...

FERC plays Solomon with the NERC CIPs

The NERC critical infrastructure protection (CIP) reliability standards to protect the nation's bulk power system against potential cyber security impacts have drawn passionate partisans-those who believe they are sufficient (NERC and the utilities); and those that believe they are not adequate (Congress, control system experts, cyber security experts, etc).