Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
FERC has recently approved NERC’s “Complete Violation Risk Factor Matrix Encompassing Each Commission Approved Reliability Standard”. As stated on the NERC website “As NERC moves forward to become the Electric Reliability Organization (ERO) and enforcement of the NERC reliability standards and the requirements contained within begins, there will be a...
Enclosed are my comments (indented) on three of Digital Bond’s top 10 SCADA Security Stories in 2008. I find it interesting that the NRC’s Cyber Security Rule and development of the Regulatory Guide (gee, something technically adequate and with teeth) isn’t even mentioned.
December 19, Reuters – (National) U.S. not ready for cyber attack. The United States is unprepared for a major hostile attack against vital computer networks, government and industry officials said on December 18 after participating in a two-day “cyberwar” simulation.
In late February 2007, the ES-ISAC (Electric Sector - Information Sharing and Analysis Center) was informed of a potential cyber vulnerability dubbed Aurora which, if exploited by an attack, would have significant consequences. Consequently, DHS designated discussions of the Aurora vulnerability as FOUO (for Official Use Only).
The Center for Strategic and International Studies (CSIS) issued the report “Securing Cyberspace for the 44th Presidency”. The report does a very good job of addressing the delicate balancing act of securing our critical infrastructures while maintaining personal privacy.
The electric industry has developed the NERC CIPs to secure the bulk electric system from cyber attacks. The bulk electric system is another term for electric transmission. However, the electric system is composed of generation, transmission, and distribution.
The Chemical Facility Anti-Terrorism Standards (CFATS) includes both physical and cyber security recommendations (though mostly physical). INL made a comparison (actually a correlation) of the CFATS risk-based performance standards recommendations to those in ISA99.00.02. The approach on the surface appeared to be similar to what NIST (and support staff including...
The purpose of trip was to attend the CSI “SCADA Summit” and meet with Congressional and government representatives to present an “unvarnished” status of industrial control system security as well as to request continuing support.
Last week I attended the CSI "SCADA/Control Systems Summit" and met with Congressional and government representatives to present an "unvarnished" status of industrial control system security as well as to request continuing support. This is the first in a series of blogs on last week's trip.