Unfettered Blog

Selected Sessions at 2014 October ICS Cyber Security Conference

The 14th ICS Cyber Security Conference (www.icscybersecurityconference.com) will have 5 major themes: Actual ICS cyber incidents; ICS cyber security standards; ICS cyber security solutions; ICS cyber security demonstrations; and ICS policy issues. The Conference focuses on what has REALLY happened and what is being done that affects the CONTROL SYSTEMS.

2014 Silicon Valley Cyber Security Summit – no ICS focus

August 12th, the Silicon Valley Leadership Group hosted the 2014 Silicon Valley Cyber Security Summit. The attendance was very high level with 2 US Senators, 2 US Representatives, senior leadership from McAfee, Symantec, RSA, etc. There was almost no ICS focus or discussions though there were discussions about the need for...

The real cost of control system cyber security– and it isn’t cheap

There is still a prevailing view that control system cyber security is not real and the cost of addressing it is not commensurate with the “benefits”. There have already been more than 350 actual control system cyber incidents.

Another Washington think tank paper on critical infrastructure – another miss

The most recent Washington think tank to write a paper involving cyber security and the electric grid is the Center for the Study of the Presidency and Congress and the paper is “Understanding the threats to the most critical infrastructure while securing a changing grid”.

Real hacks of critical infrastructure are occurring – information sharing is not working

Real ICS cyber incidents including cyber attacks against critical infrastructure ICSs continue to occur. Yet, ICSs continue to be connected to the Internet. Moreover, the information is not being adequately shared. Additionally, vulnerabilities such as Aurora are not being adequately addressed yet the government has made the information public.

The Unisys Ponemon study – is it actually relevant to ICSs

Unisys sponsored a report by the Ponemon Institute: “Critical Infrastructure: Security Preparedness and Maturity”. It is being widely quoted even thought there was little Operational input and many of the questions were not relevant control systems. Consequently, the results need to be questioned as to their relevance.

Consortium for the Advancement of Cyber Thinking and Strategy (C-ACTS)

I will be attending the Air Force Research Institute’s C-ACTS meeting on July 17th. The intent of the meeting is to identify and highlight strategic issues, foster research, collaboration, and develop educational programs that explore national security and military operations in cyber space.

Call for presentations for 2014 ICS Cyber Security Conference

For the first time, we are having a formal call for presentations for the 2014 ICS Cyber Security Conference - www.icscybersecurityconference.com.  The call for presentations can be found at http://www.marketwatch.com/story/2014-ics-cyber-security-conference-call-for-papers-now-open-2014-07-10.

Google Aurora vs ICS Aurora – An industry and DHS debacle

July 3, 2014 DHS made the INL Aurora information public despite the request being for the Google Aurora information. With the exception of two utilities, industry has still not responded to mitigate this problem. DHS claims they released the information because the information is old and industry has addressed the problem.

It’s the end of June 2014 and ICS cyber security is still an enigma to many

The past two weeks continue to demonstrate the lack of understanding about the unique issues of ICS cyber security – why isn’t it just IT. This includes the lack of understanding from private industry, DOD, DOE, and academia.