Blogs

I’m sitting in for Joe, because he’s running the ACS Conference

so am I, ...and I’ll be blogging about it for the next couple of days, but I’ll be simul-blogging on SoundOff as well. The over 100 attendees of the conference heard a video keynote from Congressman James Langevin, (D) Rhode Island.

Is there a SCADA link in the Terry Childs incident in San Francisco?

San Francisco and SCADA: Jake Brodsky brought up the following, "Do management and law enforcement types have any clue as to how one might regain control of a SCADA system after a rogue employee has secured everyone out of it?" I had planned on saying something at the Conference next...

Core Technologies outs Citect to Associated Press-- is this ethical?

, Core Technologies "reported exclusively" to the Associated Press about a buffer overflow vulnerability they found in CitectSCADA. The flaw is repaired, although, once again Core insists that it was "five months" before Citect responded to their notification.

Bandolier: Gold Standard, or Only Half Way There?

I want to specifically respond to Ralph Langner’s comments from my blog post on Severity Levels. Ralph posted, “While I agree in general that severity cannot be established without context, experience tells me that such context can hardly be established by any kind of automated software tool.

Guest Post: Jake Brodsky on the Roadmaps and what’s going wrong…

We have a problem. We have efforts at all levels to secure industrial control systems, but there isn't much coordination. Some efforts are falling by the wayside. The Roadmaps for energy and water are mostly taking top-down approaches. There are approaches in the middle such as the ISA-99, and going...

Lightbulbs Slowly Going on over Control System “Cyber Incidents”

I had a meeting Wednesday morning with an IEEE standards committee on cyber security of substation devices. Following that, Marshall Abrams from MITRE and I gave a presentation at RSA, which is billed as the world’s largest cyber security conference.

Wurldtech expands product offerings

From the press release: Industrial Cyber-Security Leader Introduces New Achilles™ Health Check Program for Operators of Global Critical Infrastructure Wurldtech™ Expands Security Service Portfolio; Offering Industrial Organizations a Simple, Cost-Effective Solution to Protect the Integrity and Availability of SCADA and Process Control Systems Worldwide VANCOUVER, BC – February 27, 2008...

Here's an interesting question...

Well, let's see who's awake and interested this morning... Here's an interesting question that surfaced on the SCADA listserv this weekend. Is alarm management for DCS (as most recently codified in the new EEMUA guidelines) the same as alarm management for SCADA systems? Are the criteria for number and type...

Two views of the same news-- Industrial Defender and Semaphore

It is unusual, and very interesting when I get press releases covering the same event written by the different parties from a different point of view. So not only am I sharing the news with you, that Industrial Defender (formerly Verano) and Semaphore have partnered, I am also sharing both...