Unfettered Blog

Cyber Security isn’t just about terrorism

Computer engineer Terry Childs, 43, is being held on $US5 million ($5.1 million) bail after refusing to hand over the password to San Francisco's FibreWAN system. The network handles up to 60 per cent of the city's government data such as emails, employee financial details, police documents and jail records.

It’s all thanks to Congress…progress, that is!

Congressional support – it has been necessary and fantastic   The NERC CIP process had been an exercise in futility for actually securing the grid. Through the efforts of Jake Olcott from the House Homeland Security staff and Congressman James Langevin and his House Homeland Security Committee, we have finally...

Is there a difference? You be the judge.

Walt Boyes here, stealing Joe's bully pulpit for a moment. MU Security just sent me a press release, quoted below. I submit there is a difference between what this release describes and the infamous Core/Citect incident. And I further submit that the difference is NOT Citect's absolutely abysmal response.

Why is there so much confusion?

Over the past two weeks as I have been preparing for the August Conference, I had conversations with a number of electric and water industry personnel.  The discussions spanned the gamut from complete denial to – yes we did have problems but did not consider them cyber.

Where ARE the experts?

Where are the experts? Several weeks ago, a conference was held by the Brookings Institute and Google on plug-in electric vehicles. In addition to the topic of plug-in vehicles, there was a discussion on cyber security of the electric grid by some very important industry, media, and government individuals.

Joe Sets the Agenda– a litany of cyber issues but are we making progress?

A litany of control system cyber issues – Are we making progress?

What ARE the vendors really building?

The major control system suppliers are claiming they provide tested secure DCS and SCADA systems. To my knowledge, at least four major control system suppliers, in this case 3 DCS and one SCADA, are providing less security than advertized.

Joe reports from ISA POWID meeting

Observations from beautiful, hot Scottsdale – ISA POWID Symposium ISA POWID is the instrumentation and controls symposium for fossil and nuclear power generation. On Tuesday, ISA POWID held 6 hours of security tracks. My general observations include: - Nuclear Energy Institute (NEI) had another scheduling conflict which precluded that organization from...

For the record: Citect responds to charges by Core

From the press release, verbatim: Citect reassures its customers on the security of their SCADA networks Sydney, Australia [June 12, 2008] – Citect has moved to reassure its SCADA customers they are extremely unlikely to be at risk from potential security breaches found by Core Security Technologies in Windows-based control...

Core Technologies Outs Citect to Associated Press

Thanks to Marcus Sachs for pointing me to this one---WB In my view, this raises several questions. Why, again (remember, Core accused Wonderware of dilatory response just a couple of months ago) did Citect take five months to fix the problem? Why did Core go to the Associated Press? Does...