On December 14, SANS came out with the following headlines: All 3 "top of the news" stories this week illustrate an important security trend: Internet facing control systems are becoming much more prevalent allowing easy exploitation of disclosed vulnerabilities for disruption as well as back door access to other corporate systems...
In November, ViaSat conducted a survey of 213 utility and smart grid personnel. The results can be found at http://smartgridresearch.org/wpcontent/uploads/sgi_reports/Utility_Cyber_Security_Survey_2012_INFOgraphic_ViaSat_Zpryme.pdf?utm_source=Smart+Grid+Insights&utm_campaign=a420661749-_ViaSat_INFOgraphic_12_13_2012&utm_medium=email. The results indicate a growing concern by utilities about cyber security and the potential of significant impacts. I wish I could believe these results.
November 27-28, the Georgia Tech Research Institute and the US Office of Naval Research Global held the TransAtlantic Cyber Security Summit in Dublin, Ireland. The agenda can be found at http://www.siliconrepublic.com/events/event/2927-transatlantic-cyber. There were approximately 60 attendees from Europe and the US.
November 19, the following thread was in Linked-in Cyber Security in Real-Time Systems. "I found that there is a vulnerability in Image-Memory of PLCs. Ralph lunger (sic) said in a movie." the vulnerability is read and write capability in Memory of PLC ". Is there that vulnerability now?"
The National Research Council prepared the report, "Terrorism and the Electric Power System". The report was completed in 2007 but was classified by its sponsor, the Department of Homeland Security, until now. The Council lobbied DHS to allow for its release, and said key findings remain "highly relevant." It was...
November 9th, Susquehanna Unit 2 had a manual shutdown (scram) of the plant due to a failure of the Integrated Control System (ICS) which controls feedwater flow and other systems. The ICS is not a safety system but affects the functionality of the plant.
At the recent ICS Cyber Security Conference we had the first public discussions of Aurora. Aurora is a gap in protection of the electric grid. Aurora is starting Alternating Current (AC) equipment (generators, motors, etc) out-of-phase imposing a large torque which can cause significant loss of equipment life or damage.
On Tuesday, a major control and safety system vendor held a webinar on cyber security of safety systems - "The rocky relationship between safety and security". The vendor talked about the network issues that needed to be considered, limitations on read/write, etc.
At the 12th Industrial Control System (ICS) Cyber Security Conference the week of October 22-25 in Norfolk, VA, there were a number of issues that became evident to the attendees:- There are significant differences between IT and ICSs.
The 12th ICS Cyber Security Conference was held at Old Dominion University's Virginia Modeling Analysis and Simulation Center - VMASC October 22-25, 2012. There were approximately 150 attendees from multiple industries, universities, government, vendors, and consultants from the US, South America, Europe, and Asia.