Unfettered Blog

More on the CIA announcement and culture issues

As noted in a previous blog, I was assured the CIA announcement on the overseas control system cyber attacks was indeed real. The announcement spawned an immense amount of smoke and/or fire- real or fear mongering - as there were essentially no details provided.

The dichotomy between HMI and field devices

Last week at Distributech in Tampa it was interesting to see the dichotomy between many of the HMI suppliers (SCADA) and field device suppliers (PLCs, RTUs, IEDs, smart transmitters and drives, etc.). SCADA and DCS vendors have recognized the need for securing the Windows or Linux-based HMI.

2008 Applied Control Solutions Control System Cyber Security Conference

I am pleased to announce the 2008 Applied Control Solutions Control System Cyber Security Conference will be held August 4-7, 2008 in Burr Ridge, IL (Chicago area). Argonne National Laboratory, one of the national laboratories working on critical infrastructure protection, will co-host this year's event with a focus on interdependencies.

About that CIA disclosure…

I posted this earlier today on the A-List at www.control.com in response to a question about the veracity of the CIA report at SANS: Joe Weiss (www.controlglobal.com/unfettered) and I believe the CIA report to be credible. Why we believe that is not for this public forum. Sorry to be mysterious.

Signals from Distributech, and Joe believes the CIA

News from Tampa

ISA Selects Wurldtech As Service Provider For New Industrial Cyber Security Tool

From the press release:

What, exactly does the CIA know?

 has a very interesting and provocative discussion about the CIA disclosure at SANS last week. This is the second time SANS has made an unverifiable disclosure on control system cyber extortion. SANS needs to provide more detailed information not only to validate its authenticity but to provide enough information for i...

FERC plays Solomon with the NERC CIPs

The NERC critical infrastructure protection (CIP) reliability standards to protect the nation's bulk power system against potential cyber security impacts have drawn passionate partisans-those who believe they are sufficient (NERC and the utilities); and those that believe they are not adequate (Congress, control system experts, cyber security experts, etc).

Control systems are isolated, not…

How isolated are control system networks? There is a prevailing view by many that corporate firewalls and DMZ's provide adequate screening and protection to minimize "hits" on control system networks. Consequently, there is an expectation that control system firewalls (if they even exist) will see very little traffic.

Can you hack the grid from your home thermostat??

In California, we have 236 pages of state-mandated standards for building energy efficiency, known as Title 24.  The proposed revisions to Title 24 include the requirement for a "programmable communicating thermostat" (PCT). Every new home and every change to existing homes' central heating and air conditioning systems will be...