Blogs

First Standards Based Comprehensive Cyber Security Suite Released

From the MU Security press releases--- MU SECURITY LAUNCHES NEW INDUSTRIAL CONTROL CERTIFICATION AND AUTHORIZED PARTNER PROGRAM "MUSIC" Certification Provides Open Migration Path to Government and Industry Emerging Standards; Honeywell leverages MUSIC Mu Security, a pioneer in the security analyzer market, today announced new Mu Security Industrial Control (MUSIC) certification...

FERC NOPR and the NERC CIPs

The Federal Energy Regulatory Commission (FERC) Notice of Public Rulemaking (NOPR) has been issued for public comment and it should not come as a surprise. In December, the FERC Technical Staff issued their Technical Assessment of the North American Electric Reliability Council (NERC) Critical Infratsrcture Protection (CIP) cyber security standards.

Who's in charge, here?

Ever since the AP article reporting on Ganesh Devarajan from TippingPoint (a 3-com company) and his presentation at the Devcon hackers' conference last week, there has been a very interesting thread on the SCADA list. Fundamentally, however, most people on the list are saying that the problem is that reporters...

Homeland Security pronounces on control system security

The US Department of Homeland Security released its Catalog of Control Systems Requirements (Draft) July 2007  today. It is interesting reading. According to several commentators, it contains warnings about spam and social media-- things not entirely commonly associated with control syst...

What's this? A bogus security survey?

Jake Brodsky noticed this on the Industrial Defender website:

SP99-- who are those guys?

Ken Anderson will be speaking on security issues with Wireless applications. I don't know what happened, but this was supposed to be given by Bryan Singer... Anderson works for an oilsands company. What I want to talk about is where SP99 is, and what we're doing there.

Larry Pereira herds cats for WINA

Now we're having a WINA panel discussion on "The Future of Industrial Wireless Technology-- an Executive Level Insight." Panelists include moderator Larry Pereira of WINA, Jose Gutierrez of Emerson Inc., Hesh Kagan of Invensys, the President of WINA, Ron Morris of DuPont, and Andrew Nolan of Honeywell.

Solving the Security versus Access Dilemma

Moo! Snort! Ouch! It's called the "horns of a dilemma" for a reason. And, while they're not sprinting in Spain's running of the bulls this summer, process control managers and their IT-based counterparts have the equally difficult task of securing their networks from intrusions and malicious software, but still making...

More SOX trouble for utilities?

Thanks to Bob Landman of HL Instruments for posting about this on the SCADA list: July 12, VNUNet "” Utility firms sitting on hacking time bomb. Utility companies could be facing a hacking time bomb owing to poor security measures. As more utilitie...

Joe Weiss reports on NERC CIP and Electric Utility Safety

How Secure are the Electric Utilities if They Implement the NERC CIP Standards? The NERC CIP standards were developed in a consensus fashion with representation from the smallest to the largest utility organizations. In order to obtain consensus, the NERC CIP standards are ambiguous and at best provide a "minimum bar".