Unfettered Blog

New Security System Survey

This news release just crossed my desk. Might be worth your time to fill this out.

Thursday Morning Scary Read

Nancy Bartels driving the blogging machine here this morning. I am not by nature an alarmist, and I tend to ignore headlines that say (or imply) "OMG, we're all going to die!" On the other hand, when you smell smoke in the kitchen for longer than a couple of minutes,...

The MIT Report on the Electric Grid: Control Systems Were Not Adequately Addressed

MIT issued the report, "The Future of the Electric Grid – An Interdisciplinary MIT Study." Chapter 9 is "Data Communications, Cybersecurity, and Information Privacy." According to the report, the U.S. should implement standards to reduce the risk of cyber attacks on the electricity grid and should designate one agency responsible...

What We Have Here Is a Failure to Communicate

Nancy Bartels of Control magazine and ControlGlobal.com hijacking Joe's blog here. This story would be funny if it wasn't so scary. Wired magazine has broken the real story (or the latest iteration of the real story). The link is here. So it wasn't evil hackers from Russia after all.

The Illinois Water Hack Is a Test of the System for Disclosure – Is It Broken?

My blog on the Illinois water hack was directly based on a formal disclosure announcement by the Illinois State Terrorism and Intelligence Center - STIC (Note: My blog did not identify the state involved. That disclosure came from DHS).

Is the WaterISAC Helping the Water Industry? – The Illinois Water Hack Raises Serious Questions

Per the WaterISAC portal, the WaterISAC (Information Sharing and Analysis Center) is a community of water sector professionals who share a common purpose: to protect public health and the environment. The WaterISAC provides email notifications about threats and any incidents demanding immediate attention.

Water System Hack - The System Is Broken

Last week, a disclosure was made about a public water district SCADA system hack. There are a number of very important issues in this disclosure:

The Need for Control System Cyber Forensics

There is a perception that control systems, including field devices, have cyber forensic capabilities similar to those of IT systems. That perception is wrong. A control system generally has a Microsoft front-end human-machine interface (HMI) that should have adequate cyber forensics.

An Apology from Joe Weiss

In a blog post on October 18 (now removed) I posted some things I regret about Erfan Ibrahim's remarks at the IEEE Electric Grid Modernization Workshop last week. I apologize to both Mr. Ibrahim and to my readers.