Unfettered Blog

A major cyber threat to critical infrastructures is from ... the electric utilities

Critical infrastructures include water, oil/gas, pipelines, chemicals, manufacturing, telecommunications, transportation, etc. Their continued operation requires the electric utility industry to be available. However, the electric utility industry is also a cyber threat to all of those end-users. That threat is Aurora.

Even former ex-CIA officers don't understand ICS cyber security

Mark Sparkman is a former senior officer with the CIA's National Clandestine Service, and is now a senior international affairs analyst with the RAND Corporation. He wrote this article: The Real Cyber Threat, for CNN http://www.rand.org/commentary/2013/05/21/CNN.html.

ICS Cyber Security is still not understood by the IT community - and it is hurting critical infrastructure

May 8, 2013 Cheri McGuire, Symantec's Vice President, Global Government Affairs & Cybersecurity Policy testified to the Senate Judiciary Subcommittee on Crime and Terrorism hearing. She stated: "In my testimony today, I will provide the Subcommittee with our latest analysis of the threat landscape as detailed in the just-released Symantec...

Medical device and pharmaceuticals - where is ICS cyber security

December 2011, I attended the POLCYB meeting in Los Angeles. A major pharmaceutical manufacturer attended. The pharmaceutical representative mentioned they had not addressed ICS cyber security as they had simply not considered it and there was no regulatory driver.

Counterfeit exida safety certifications discovered

SELLERSVILLE, PA (May 9, 2013) --exida, an accredited global Certification Body, has discovered a counterfeit certificate falsely claiming that a product meets the functional safety requirements for Safety Integrity Level (SIL) 3 capable per IEC 61508.

ICS Cyber Security - People Are Not THE Answer - Yes they are!

Dale Peterson wrote a blog at www.digitalbond.com stating that "People Are Not THE Answer" to ICS cyber security. I disagree with Dale and have frequently stated that the 75% silver bullet for ICS cyber security is appropriate policies, procedures, training, and architecture.

Lesson learned from the utility test bed- the system is broken

Last week, the utility met with one of their major ICS vendors to determine if the vendor would be willing to support the utility's test bed concept. The purpose of the test bed is to maintain or improve reliability with security being a potential impact on reliability not the traditional...

Medical device and control system cyber security

I attended the San Francisco Electronic Crimes Task Force Medical Device Security Conference. If they didn't continue to repeat the words "medical device", the conference could have been an electric, water, chemical, mass transit, manufacturing, etc control system cyber security conference.

Lessons learned to date on utility testbed

Even though we are just in the preliminary stages, there have been a number of interesting findings:- Even though there are a plethora of cyber security solution providers, very few actually understand the unique needs of the ICS community.- Many of the non-ICS technologies, though not developed for reliability, can...

Where are the control system cyber security solutions???

About a month ago, I issued a call for control system cyber security solutions to be evaluated by an electric utility in an actual utility setting. The utility has power plants, electric distribution and low level transmission, SCADA, Smart Grid, etc.