Unfettered Blog

Where ARE the experts?

Where are the experts? Several weeks ago, a conference was held by the Brookings Institute and Google on plug-in electric vehicles. In addition to the topic of plug-in vehicles, there was a discussion on cyber security of the electric grid by some very important industry, media, and government individuals.

Joe Sets the Agenda – a litany of cyber issues but are we making progress?

A litany of control system cyber issues – Are we making progress?

What ARE the vendors really building?

The major control system suppliers are claiming they provide tested secure DCS and SCADA systems. To my knowledge, at least four major control system suppliers, in this case 3 DCS and one SCADA, are providing less security than advertised.

Joe reports from ISA POWID meeting

Observations from beautiful, hot Scottsdale – ISA POWID Symposium. ISA POWID is the instrumentation and controls symposium for fossil and nuclear power generation. On Tuesday, ISA POWID held 6 hours of security tracks. My general observations include: - Nuclear Energy Institute (NEI) had another scheduling conflict which precluded that organization from...

For the record: Citect responds to charges by Core

From the press release, verbatim: Citect reassures its customers on the security of their SCADA networks Sydney, Australia [June 12, 2008] – Citect has moved to reassure its SCADA customers they are extremely unlikely to be at risk from potential security breaches found by Core Security Technologies in Windows-based control...

Core Technologies Outs Citect to Associated Press

Thanks to Marcus Sachs for pointing me to this one---WB In my view, this raises several questions. Why, again (remember, Core accused Wonderware of dilatory response just a couple of months ago) did Citect take five months to fix the problem? Why did Core go to the Associated Press? Does...

Bandolier: Gold Standard, or Only Half Way There?

I want to specifically respond to Ralph Langner’s comments from my blog post on Severity Levels. Ralph posted, “While I agree in general that severity cannot be established without context, experience tells me that such context can hardly be established by any kind of automated software tool.

Guest Post: Jake Brodsky on the Roadmaps and what’s going wrong…

We have a problem. We have efforts at all levels to secure industrial control systems, but there isn't much coordination. Some efforts are falling by the wayside. The Roadmaps for energy and water are mostly taking top-down approaches. There are approaches in the middle such as the ISA-99, and going...

Joe Weiss makes the Washington Post – and makes sense, too!

URL: http://www.washingtonpost.com/wp-dyn/content/article/2008/06/05/AR2008060501958.html Supporting URL: http://www.gao.gov/new.items/d08526.pdf Cyber Incident Blamed for Nuclear Power Plant Shutdown By Brian Krebs washingtonpost.com Staff Writer Thursday, June 5, 2008; 1:46 PM A nuclear power plant in Georgia was recently forced into an emer...

Severity Ratings…You must consider the context!

What do severity ratings REALLY mean? I read a blog on Digital Bond’s Bandolier project (www.digitalbond.com,