Controlling Interests Editors' Blog

Applied Control Solutions Cyber Security Workshop Summary

The Applied Control Solutions 2007 Control Systems Cyber Security Workshop was held August 13-16 in Knoxville, TN. There were more than 100 attendees representing domestic and international commercial and government communities. The commercial attendees included representatives from electric, gas, and water utilities; chemical companies; pipelines; and vendors.


The Federal Energy Regulatory Commission (FERC) Notice of Public Rulemaking (NOPR) has been issued for public comment and it should not come as a surprise. In December, the FERC Technical Staff issued their Technical Assessment of the North American Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) cyber security standards.

Why should federal power agencies be held to a higher cyber security standard?

FISMA is the Federal Information Security Management Act. It is mandatory by federal law for all federal agencies. The controls document for implementing FISMA is NIST Special Publication (SP) 800-53. NIST SP800-53 was developed for IT systems. However, federal agencies including TVA, BPA, WAPA, the Bureau of Reclamation, and the...

Joe Weiss reports on NERC CIP and Electric Utility Safety

How Secure are the Electric Utilities if They Implement the NERC CIP Standards? The NERC CIP standards were developed in a consensus fashion with representation from the smallest to the largest utility organizations. In order to obtain consensus, the NERC CIP standards are ambiguous and at best provide a "minimum bar".

Joe Weiss asks: Does Sarbanes-Oxley apply to control systems?

Does Sarbanes-Oxley apply to Control Systems? The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors a...

Nuclear Industry Icon to Give Wednesday Lunch Keynote at Control System Cyber Security Workshop

Henry Stone, the former General Manager of GE's Knolls Atomic Power Laboratory and Vice President and Chief Engineer of GE's Nuclear Energy Division, will provide the Wednesday lunch keynote at the Knoxville Control System Cyber Security Conference. The talk will discuss what it took to build a new industry from...

Network Design and Testing

Much is being written about the recent Browns Ferry "broadcast storm" event. Without judging what others are saying, I would like to posit what I believe either happened or could have happened. There is insufficient detail in the NRC Information Notice to make a definitive judgment.

Solutions looking for problems

After spending 15 years at EPRI dealing with cutting edge problems, I have found there are significantly fewer problems looking for solutions than there are solutions looking for problems. Additionally, some of the problems looking for solutions are looking because they are so difficult and complex to solve, such as...

Security definitions - or our own Tower of Babel

I wanted to focus on some key definitions that can, and have, created misunderstandings. The term "cyber security" is an IT artifact that does not reflect the need to assure control system reliability and availability. Generally, the term cyber security refers to protection against attackers.

Another post from Joe Weiss--

There are a number of industry organizations and conferences focusing on control system cyber security for specific industries. In some cases, this insular approach is not rigid. In other cases such as nuclear power, this approach has been applied to an extreme. Technically, there is more commonality between control systems, control...