As noted in a previous blog, I was assured the CIA announcement on the overseas control system cyber attacks was indeed real. The announcement spawned an immense amount of smoke and/or fire- real or fear mongering - as there were essentially no details provided.
Last week at Distributech in Tampa it was interesting to see the dichotomy between many of the HMI suppliers (SCADA) and field device suppliers (PLCs, RTUs, IEDs, smart transmitters and drives, etc.). SCADA and DCS vendors have recognized the need for securing the Windows or Linux-based HMI.
I am pleased to announce the 2008 Applied Control Solutions Control System Cyber Security Conference will be held August 4-7, 2008 in Burr Ridge, IL (Chicago area). Argonne National Laboratory, one of the national laboratories working on critical infrastructure protection, will co-host this year's event with a focus on interdependencies.
I posted this earlier today on the A-List at www.control.com in response to a question about the veracity of the CIA report at SANS: Joe Weiss (www.controlglobal.com/unfettered) and I believe the CIA report to be credible. Why we believe that is not for this public forum. Sorry to be mysterious.
News from Tampa
From the press release:
has a very interesting and provocative discussion about the CIA disclosure at SANS last week. This is the second time SANS has made an unverifiable disclosure on control system cyber extortion. SANS needs to provide more detailed information not only to validate its authenticity but to provide enough information for i...
The NERC critical infrastructure protection (CIP) reliability standards to protect the nation's bulk power system against potential cyber security impacts have drawn passionate partisans-those who believe they are sufficient (NERC and the utilities); and those that believe they are not adequate (Congress, control system experts, cyber security experts, etc).
How isolated are control system networks? There is a prevailing view by many that corporate firewalls and DMZ's provide adequate screening and protection to minimize "hits" on control system networks. Consequently, there is an expectation that control system firewalls (if they even exist) will see very little traffic.
In California, we have 236 pages of state-mandated standards for building energy efficiency, known as Title 24. The proposed revisions to Title 24 include the requirement for a "programmable communicating thermostat" (PCT). Every new home and every change to existing homes' central heating and air conditioning systems will be...