Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
The electric industry has developed the NERC CIPs to secure the bulk electric system from cyber attacks. The bulk electric system is another term for electric transmission. However, the electric system is composed of generation, transmission, and distribution.
The Chemical Facility Anti-Terrorism Standards (CFATS) includes both physical and cyber security recommendations (though mostly physical). INL made a comparison (actually a correlation) of the CFATS risk-based performance standards recommendations to those in ISA99.00.02. The approach on the surface appeared to be similar to what NIST (and support staff including...
The purpose of trip was to attend the CSI “SCADA Summit” and meet with Congressional and government representatives to present an “unvarnished” status of industrial control system security as well as to request continuing support.
Last week I attended the CSI "SCADA/Control Systems Summit" and met with Congressional and government representatives to present an "unvarnished" status of industrial control system security as well as to request continuing support. This is the first in a series of blogs on last week's trip.
"A commission formed to offer advice on cybersecurity to the next president is nearing the completion of its work, and some of the recommendations are likely to conflict with elements of President Bush's Cyber Initiative. It will be finalized very shortly," said Rep.
There has been a lot of discussion on the SCADA listservers about cyber vulnerabilities of control systems. What I want to address is that cyber vulnerabilities or cyber security for that matter does not equal CIP.
The SCADASec listserver continues to be unsettling to say the least. There are still multiple definitions that have no uniform meaning inside or outside the control system cyber security community. These include the terms IT, security, SCADA, etc.
Next week I will be in Washington DC for a Computer Security Institute (CSI) conference session on Wednesday. The session will discuss the needs and issues associated with IT and Operations working together to secure industrial control systems. Ed Goff from Progress Energy will be the “active” moderator as...
The GE Fanuc/Proficy Information Portal Remote Code Execution Vulnerability has been identified via US CERT Vulnerability Note VU#339345 and issued November 7th as a NERC ES-ISAC Advisory: “…The NERC ES-ISAC estimates that the risk to grid reliability from this vulnerability is LOW based on the limited deployment of the...