Control systems cybersecurity expert Joseph M. Weiss is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
The Smart Grid Roadmap, Report to NIST on the Smart Grid Interoperability Standards Roadmap, has some very curious conclusions and descriptions. They involve DNP3, NERC CIPs, NIST SP 800-53 and NIST SP 800-82. These descriptions and recommendations (or lack thereof) can have long-term, expensive ramifications.
Early this week, Wes McGrew, a PhD student at Mississippi State (I gave a lecture there last October), helped contribute to the arrest of a hacker who compromised the HVAC system at a Dallas-area hospital. Wes has a great story to tell. You can find it at: http://www.mcgrewsecurity.com/2009/07/02/ghostexodus-part2/ Joe Weiss
In the June 22nd issue of InformationWeek, the cover story is "Cyber Security – What’s Your Appetite for Risk?" The focus was on intentional cyber attacks against the IT infrastructure. I wanted to focus on two charts. The first is "What are the Primary Goals of Your Risk Management Initiative?"
In a report published June 12th, Register.com's Dan Goodin reports, "The newfangled meters needed to make the smart grid work are built on buggy software that's easily hacked, said Mike Davis, a senior security consultant for IOActive."
Much has been written about what makes control systems different than business IT systems. However, the Smart Grid tends to blur these distinctions as control systems are networked using Ethernet and TCP/IP. With all of the money and focus on Smart Grid, particularly cyber security, there is obviously more attention...
We received this press release this morning from GE Energy. While we applaud GE and its customer for being in the forefront of Smart Grid technology, we continue to wonder, reading the release, where the security provisions come in.
I attended the inaugural meetings of IEEE P2030 - Smart Grid, last week in Santa Clara. I had a discussion with a representative from a utility organization. He feels his constituency is too small to be governed by electric industry cyber security standards.
In preparing for two webinars I held this week, I ran across two items that just make you hold your breath. The first was an advertisement for an on-line process controller for water treatment. It stated: “The result is the ability to remotely monitor and control your process from any...