Unfettered Blog

ACS Conference tells it like it is for cybersecurity

Applied Control Solutions, LLC For Immediate Release Contact: Joe Weiss (408) 253-7934 or joe.weiss@realtimeacs.com. Cyber Security Conference Focusing on Potential Causes, Prevention of Recent Power Blackouts and Plant Shutdowns (Trips) August 4-7, 2008 – Burr Ridge, IL Applied Control Solutions, LLC announces the eighth in a series of conferences focused...

Lightbulbs Slowing Going on over Control System “Cyber Incidents”

I had a meeting Wednesday morning with an IEEE standards committee on cyber security of substation devices. Following that, Marshall Abrams from MITRE and I gave a presentation at RSA, which is billed as the world’s largest cyber security conference.

Now It’s Official

The following report by Ryan Singel appeared at Wired.com yesterday. April 09, 2008  On June 10, 1999, a 16-inch diameter steel pipeline operated by the now-defunct Olympic Pipeline Co. ruptured near Bellingham, Washington, flooding two local creeks with 237,000 gallons of gasoline.

What’s Missing?

I have been involved in hosting a conference on control system cybersecurity for seven years. It has always been held with a focus on and with the perspective of a control systems engineer. Several events have “opened my eyes” to what seems to be missing: * Design issues.

Why Aren’t Solutions Addressing Problems?

I read about, or attend, government programs, industry programs, and industry conferences that purport to have solutions for “SCADA security”. All I can do is shrug my shoulders.  There are several fundamental issues that have not yet been addressed: - There is still a dreadful lack of understanding about legacy...

Nuclear plant cyber security has a ways to go

As a nuclear engineer who has worked inside and outside of the nuclear industry, I have my thoughts on why nuclear plants are so far behind non-nuclear facilities in securing control systems. I spent 5 years managing the EPRI Nuclear Plant Instrumentation and Diagnostics Program.

KYFHO: Why IT needs to keep its distance from control systems or learn how to do it right

Why IT needs to keep its distance from control systems Several actual events and tests have shed new light on why IT needs to understand the issues with control systems before things go uncontrollably wrong. That is, control systems (Operations) coordination and leadership is absolutely required before those networks are...

Nanny nanny boo boo…or is it? Walt Boyes comments…

Today, we received a press release from a security company, announcing that they had found a vulnerability in a piece of third-party software. We often get these. I'm not naming names. What we DON'T get, however, is the context.

A complete, and still generic, response to Mark

Since Mark has brought up the issue, I think it is time for a complete response. It may ruffle some feathers. When I first got involved in cyber security at EPRI in February 2000, we had to make a decision as to what should be the scope of the program.