The recently issued NIST Framework on CIP is a good basic top level document. It directly addresses ICS which is a great step forward and I am very happy to see IEC (ISA)-62443 liberally addressed. I believe the shortcoming is the lack of any actual requirements.
The emergency safeguards in existing commercial nuclear plants use large AC motors for their emergency core cooling. As the Fukushima event demonstrated, emergency core cooling may be needed for a significant period of time. It has been demonstrated that Aurora can damage AC motors. Since very few substations have implemented the...
Paul Rosenzweig wrote a blog on Lawfare (http://www.lawfareblog.com/2014/01/how-likely-is-a-successful-attack-on-the-electric-grid/) on “How Likely Is A Successful Attack On The Electric Grid?” Paul’s question of how likely is a successful attack on the electric grid has an easy, but uncomfortable answer - near 100%.
A presentation was made at the S4 Conference on HART vulnerabilities. Effectively the vulnerability allows the take over of a single field device, using the single field device to take over all of the other field devices on the HART highway, and/or to take over the asset management software.
Aurora was first publicly demonstrated at the Idaho National Laboratory (INL) in March 2007. DOD is responsible for assuring continuity of electric power at critical defense facilities. As such, DOD recognized the potential impacts from Aurora and initiated an Aurora hardware mitigation program.
I received the following Link-in request and thought it would be of interest as I believe it covers a broad swath of the utility infrastructure. “We met several years ago, I think back in 2002, when you spoke at a SCADA system users group meeting.
I believe way too many people and organizations particularly in the electric and water industries have a severe case of plausible deniability - “if I have not heard about it to my face, I do not have to address it.” However plausible deniability may have just sprung a leak.
According to Wikipedia, as of 2010 more than 90 million devices were installed with LonWorks technology. Manufacturers in a variety of industries have adopted the platform as the basis for their product and service offerings. As of December 23, 2013, the LonWorks Network Communication and Interface Guide is available on...
I attended the Amphion Conference December 12th in San Francisco. The Amphion Conference is focused on end-point devices, particularly mobile devices. Even though there were numerous sessions on the Internet of Things, there was very little attendance from the ICS community.
ENISA- the European Union Agency for Network and Information Security – issued a report on patching SCADA systems: “Window of exposure … a real problem for SCADA systems? Recommendations for Europe on SCADA patching” dated December 2013.