Unfettered Blog

More from the St. Mary’s Cyberterrorism and Law conference

I had the opportunity to attend and participate in the St. Mary’s University Cyberterrorism Law Conference in San Antonio Wednesday and Thursday. There were several interesting observations: - Since the focus was cyberterrorism, the conference was heavily tilted the government and DOD.

Wurldtech’s Industrial Cybersecurity Database Launches

From Bryan Singer at Wurldtech: Wurldtech is launching an applied research project which I think would appeal to folks like yourself. The planned undertaking is the largest study of its kind, examining the cyber security threats and vulnerabilities present in currently deployed control systems.   By leveraging the Achilles platform...

Now, about those spare parts…

I am at a cyberterrorism and law conference in San Antonio.

Security mindset (or the lack of it)

It has become clear to me there is a difference between how IT and Operations approach security. The IT security organization is very focused on security, sometimes to an extreme. The Operations organizations generally pay lip service. 

“A little rant on patching…” from Eric Byres

:  Most IT professionals are pretty confident that we know what applications and operating systems are running on our desktops and servers. So when a vendor like Adobe releases an announcement of some new critical vulnerability (

The Next Catastrophe

In Saturday’s SCADAlistserver, the following note was provided: “We are not safe. Nor can we ever be fully safe, for nature, organizations, and terrorists promise that we will have disasters evermore." So concludes this important and chilling book by Charles Perrow, professor emeritus of -sociology at Yale University.

Substation equipment and cyber issues

Substation equipment and cyber issues Much has been written about what did, didn’t, or could have happened with the recent Florida blackout. Any potential terrorism issues would be physical and/or cyber. Physical terrorism is generally visible and can be ruled in or out fairly quickly.

When everybody is in charge, nobody is in charge

This week’s Florida power outage and resultant shutdown of the two Turkey Point nuclear plants raises a very important issue that the government needs to address. Firstly, the protection systems at Turkey Point appeared to work as designed to protect the units from an outside disturbance (this was not a...

Wurldtech expands product offerings

From the release:  Industrial Cyber-Security Leader Introduces New Achilles™ Health Check Program for Operators of Global Critical Infrastructure Wurldtech™ Expands Security Service Portfolio; Offering Industrial Organizations a Simple, Cost-Effective Solution to Protect the Integrity and Availability of SCADA and Process Control Systems Worldwide VANCOUVER, BC – February 27, 2008 –...

Purchasing Language for SCADA systems…

Todd Stauffer of Siemens and I were discussing the need for critical engineering understanding when applying cybersecurity tools to plant level DCS and SCADA security the other day. Todd reminded me of the fact that there's a government funded organization called the Multi-State Information Sharing and Analysis Center that has produced...