Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
There is an ongoing thread concerning system complexity and security trends on the SCADA perspective listserver. To maintain the very high reliability required of control systems, they are built on the KISS principle - "Keep It Simple Stupid." System complexity goes against the KISS principle.
Last week, I attended the ISA 100 Wireless meeting in Mt. View including the Trusted Wireless Interest Group (TWIG) meeting. There were several very good presentations on different aspects of security. However, none were specific to wireless.
The following note was placed on the Link-in PCSF members' site by Perry Pederson: "What's up with the Comprehensive National Cybersecurity Initiative (CNCI)? I attended a vendors day conference at DHS-NCSD yesterday where they briefed industry on the role that NCSD will have in the execution of the CNCI.
Many IT and control system vendors are claiming to offer NERC CIP-compliant products. That makes for great marketing hype. However, the NERC CIPs are written for end-users to validate their comprehensive security program, not for vendors.
Yesterday, Peter Welander of Control Engineering provided the following editorial - Cyber Security Issues Take Center Stage in 2009. I completely agree with Peter’s thoughts that cyber security will become a big issue in 2009. However, I wanted to correct the impression being left by one statement: “First and foremost,...
FERC has recently approved NERC’s “Complete Violation Risk Factor Matrix Encompassing Each Commission Approved Reliability Standard”. As stated on the NERC website, “As NERC moves forward to become the Electric Reliability Organization (ERO) and enforcement of the NERC reliability standards and the requirements contained within begins, there will be a...
Enclosed are my comments (indented) on three of Digital Bond’s top 10 SCADA Security Stories in 2008. I find it interesting that the NRC’s Cyber Security Rule and development of the Regulatory Guide (gee, something technically adequate and with teeth) isn’t even mentioned.
December 19, Reuters – (National) U.S. not ready for cyber attack. The United States is unprepared for a major hostile attack against vital computer networks, government and industry officials said on December 18 after participating in a two-day “cyberwar” simulation.
In late February 2007, the ES-ISAC (Electric Sector - Information Sharing and Analysis Center) was informed of a potential cyber vulnerability dubbed Aurora which, if exploited by an attack, would have significant consequences. Consequently, DHS designated discussions of the Aurora vulnerability as FOUO (For Official Use Only).