I have been involved with NIST to one degree or other on ICS cyber security since 2000 and on other technical issues long before that. I have done this as I firmly believed NIST was the best independent organization to be able to develop ICS cyber security standards.
Electrons do not have organization charts. Neither do hackers. Unfortunately people and organizations do. As a result of the second utility willing to engage in an Aurora demonstration project, an issue arose about the cyber security of the devices used in the transformer controls.
NIST Released New Draft Outline of Cyber Standard #pauto #critical-Infrastructure #automation #cybersecurity #hacking
NIST Releases Draft Outline of Cybersecurity Framework for Critical Infrastructure
What precipitated this blog was a NERC employee trying to discourage a utility from participating in an Aurora hardware demonstration. Based on the facts below, I would posit that the NERC CIP approach has not improved the reliability of the electric grid from cyber threats and may have actually made...
As an engineer, I have been brought up to work with number, physics, and logic. As a control systems engineer, I have brought up to focus on reliability and safety - we want the process to work and not to hurt people.
I am aware of a utility having just performed a SCADA upgrade with a major SCADA supplier. The previous version was not secure. Part of the upgrade process was to secure the new version. Following the completion of the upgrade, the vendor is remotely accessing the live SCADA system and...
Critical infrastructures include water, oil/gas, pipelines, chemicals, manufacturing, telecommunications, transportation, etc. Their continued operation requires the electric utility industry to be available. However, the electric utility industry is also a cyber threat to all of those end-users. That threat is Aurora.
Mark Sparkman is a former senior officer with the CIA's National Clandestine Service, and is now a senior international affairs analyst with the RAND Corporation. He wrote this article: The Real Cyber Threat, for CNN http://www.rand.org/commentary/2013/05/21/CNN.html.
ICS Cyber Security is still not understood by the IT community - and it is hurting critical infrastructure
May 8, 2013 Cheri McGuire, Symantec's Vice President, Global Government Affairs & Cybersecurity Policy testified to the Senate Judiciary Subcommittee on Crime and Terrorism hearing. She stated: "In my testimony today, I will provide the Subcommittee with our latest analysis of the threat landscape as detailed in the just-released Symantec...
December 2011, I attended the POLCYB meeting in Los Angeles. A major pharmaceutical manufacturer attended. The pharmaceutical representative mentioned they had not addressed ICS cyber security as they had simply not considered it and there was no regulatory driver.