Unfettered Blog

Plant IT really IS different

IT and Operations Differences I received an e-mail this morning from a Conference attendee wanting to know if I would give Continuing Professional Education (CPE) credits for the CISSP certification. I didn’t have an answer so I called the organization responsible for CISSP accreditation – the International Information Systems Security...

A word for the next administration…

Recommendation for next administration I have mentioned the Blue Ribbon Committee drafting recommendations for the next president on cyber security. I have been asked to draft a paper for the Committee on what the next administration should think about when it comes to industrial control systems. The paper will address...

Cyber Security isn’t just about terrorism

Computer engineer Terry Childs, 43, is being held on $US5 million ($5.1 million) bail after refusing to hand over the password to San Francisco's FibreWAN system. The network handles up to 60 per cent of the city's government data such as emails, employee financial details, police documents and jail records.

It’s all thanks to Congress…progress, that is!

Congressional support – it has been necessary and fantastic   The NERC CIP process had been an exercise in futility for actually securing the grid. Through the efforts of Jake Olcott from the House Homeland Security staff and Congressman James Langevin and his House Homeland Security Committee, we have finally...

Is there a difference? You be the judge.

Walt Boyes here, stealing Joe's bully pulpit for a moment. MU Security just sent me a press release, quoted below. I submit there is a difference between what this release describes and the infamous Core/Citect incident. And I further submit that the difference is NOT Citect's absolutely abysmal response.

Why is there so much confusion?

Over the past two weeks as I have been preparing for the August Conference, I had conversations with a number of electric and water industry personnel.  The discussions spanned the gamut from complete denial to – yes we did have problems but did not consider them cyber.

Where ARE the experts?

Where are the experts? Several weeks ago, a conference was held by the Brookings Institute and Google on plug-in electric vehicles. In addition to the topic of plug-in vehicles, there was a discussion on cyber security of the electric grid by some very important industry, media, and government individuals.

Joe Sets the Agenda– a litany of cyber issues but are we making progress?

A litany of control system cyber issues – Are we making progress?

What ARE the vendors really building?

The major control system suppliers are claiming they provide tested secure DCS and SCADA systems. To my knowledge, at least four major control system suppliers, in this case 3 DCS and one SCADA, are providing less security than advertized.

Joe reports from ISA POWID meeting

Observations from beautiful, hot Scottsdale – ISA POWID Symposium ISA POWID is the instrumentation and controls symposium for fossil and nuclear power generation. On Tuesday, ISA POWID held 6 hours of security tracks. My general observations include: - Nuclear Energy Institute (NEI) had another scheduling conflict which precluded that organization from...