Unfettered Blog

Security patches can impact reliability and safety and people aren’t aware!

Five months ago, the utility hosting the ICS cyber security test bed met with one of their major ICS vendors.  Some of the security patches actually impacted the reliability of the ICS and the overall system.

AURORA and Its Effects on Cybersecurity: Too Early to Pass Final Judgment

Since the original AURORA test bed at Idaho Labs in 2007, much has been said about the merits of the test conducted, and many conjectures concerning its validity have been made. It is important to remember that AURORA is not an isolated case that exists outside the cybersecurity framework. To...

Stanford University presentation on cyber security of industrial control systems

On October 12, 2011, I gave an invited presentation on cyber security of industrial control systems to a graduate electrical engineering colloquium at Stanford: http://www.youtube.com/watch?v=S3Yyv53dZ5A

Latest Aurora information – this affects ANY electric utility customer with 3-phase rotating electric equipment!

There have been numerous discussions about cyber risk within NERC, the utilities, and ICS equipment suppliers. Aurora is an unresolved risk that could have significant impact on the utilities, suppliers of relay protection devices, and utility customers with 3-phase rotating equipment.

What is Operations Technology (OT) and why is it important to secure ICSs

There are starting to be more discussions about the need for integration between Information Technology (IT) and Operations Technology (OT) to secure ICSs. From my experience, I have found very few effective OT managers. I believe an effective OT manager must be very familiar with ICSs and their constraints and...

DHS S&T and ICS Cyber Security – What's holding up DHS S&T

August 22nd, the DHS Cyber Security Division held the Transition to Practice Technology Demonstration for Investors, Integrators and IT Companies in San Jose. To great fanfare (it was on local radio and TV) there were 8 cybersecurity technologies being showcased. NONE were directly relevant to control systems!

Hard hat vs Black hat - the hype versus reality

The issue of critical infrastructure protection, or control system cyber security, is getting to be more popular with the mainstream IT community as demonstrated by the number of presentations at Black Hat. The issue is really separating the real issues from the hype.

Insurers' role in ICS cyber security - is there one?

We had assumed that insurers were taking the risk of ICS cyber security seriously. We also thought this could be the driver to get end-users to actually secure their ICSs. Consequently, we intended to have a session on insurers' role in ICS cyber security at the 2013 ICS Cyber Security...

Will the NIST approach to the Executive Order actually support Industrial Control Systems (ICSs)?

I have been involved with NIST to one degree or another on ICS cyber security since 2000 and on other technical issues long before that. I have done this as I firmly believed NIST was the best independent organization to be able to develop ICS cyber security standards.

Will a control system cyber security framework really get organizations to collaborate?

Electrons do not have organization charts. Neither do hackers. Unfortunately, people and organizations do. As a result of the second utility willing to engage in an Aurora demonstration project, an issue arose about the cyber security of the devices used in the transformer controls.