Unfettered Blog

Palo Alto Networks webinar on ICS network segmentation

I will be participating with Palo Alto Networks and an industrial customer on a webinar on network segmentation. The webinar is on September 24th at 11am Pacific and can be found at https://engage.vevent.com/rt/scwc~sept24paloalto?code=PaloAltoA.

Cyber security and the electric grid – it IS a problem

Politico had an article, “U.S. grid safe from large-scale attack, experts say”. Enclosed is a quick summary of why I disagree.

Fraunhofer Institute lectures on control system cyber security

I have been invited to give two lectures at the Fraunhofer Institute in Darmstadt, Germany on various aspects of control system cyber security. The first is scheduled for December 2nd and the second for January 6th. The lecture series is called “A new security culture for ‘Industrie 4.0’”.

Aurora mitigation status and lack of industry credible response

The electric industry still has done very little other than paper studies to address the Aurora mitigation. DOD is working with two utilities to demonstrate the use of the Aurora hardware mitigation devices. The first utility has provided DOD with several dozen event reports to date.

NERC CIPS and Keeping Lights On – are they the same?

August 19th, I spent a day with the NERC Critical Infrastructure Protection (CIP) Version 5 Drafting team working on one of the NERC CIP Standards. The focus was on boundary protection, not on the actual control system devices and serial communications which were explicitly excluded.

Selected Sessions at 2014 October ICS Cyber Security Conference

The 14th ICS Cyber Security Conference (www.icscybersecurityconference.com) will have 5 major themes: Actual ICS cyber incidents; ICS cyber security standards; ICS cyber security solutions; ICS cyber security demonstrations; and ICS policy issues. The Conference focuses on what has REALLY happened and what is being done that affects the CONTROL SYSTEMS.

2014 Silicon Valley Cyber Security Summit – no ICS focus

August 12th, the Silicon Valley Leadership Group hosted the 2014 Silicon Valley Cyber Security Summit. The attendance was very high level with 2 US Senators, 2 US Representatives, senior leadership from McAfee, Symantec, RSA, etc. There was almost no ICS focus or discussions though there were discussions about the need for...

The real cost of control system cyber security – and it isn’t cheap

There is still a prevailing view that control system cyber security is not real and the cost of addressing it is not commensurate with the “benefits”. There have already been more than 350 actual control system cyber incidents.

Another Washington think tank paper on critical infrastructure – another miss

The most recent Washington think tank to write a paper involving cyber security and the electric grid is the Center for the Study of the Presidency and Congress and the paper is “Understanding the threats to the most critical infrastructure while securing a changing grid”.

The Unisys Ponemon study – is it actually relevant to ICSs

Unisys sponsored a report by the Ponemon Institute: “Critical Infrastructure: Security Preparedness and Maturity”. It is being widely quoted even though there was little Operational input and many of the questions were not relevant to control systems. Consequently, the results need to be questioned as to their relevance.