Unfettered Blog

Making progress – one person at a time

I received the following LinkedIn request and thought it would be of interest, as I believe it covers a broad swath of the utility infrastructure. “We met several years ago, I think back in 2002, when you spoke at a SCADA system users group meeting.

ICS cyber security and plausible deniability

I believe way too many people and organizations, particularly in the electric and water industries, have a severe case of plausible deniability - “if I have not heard about it to my face, I do not have to address it.” However, plausible deniability may have just sprung a leak.

Merry Christmas to the hacker community from LonWorks

According to Wikipedia, as of 2010 more than 90 million devices were installed with LonWorks technology. Manufacturers in a variety of industries have adopted the platform as the basis for their product and service offerings. As of December 23, 2013, the LonWorks Network Communication and Interface Guide is available on...

Amphion Conference – what the IT community still does not understand about ICS cyber security

I attended the Amphion Conference December 12th in San Francisco. The Amphion Conference is focused on end-point devices, particularly mobile devices. Even though there were numerous sessions on the Internet of Things, there was very little attendance from the ICS community.

ENISA Report on SCADA patch management - what is missing

ENISA – the European Union Agency for Network and Information Security – issued a report on patching SCADA systems: “Window of exposure … a real problem for SCADA systems? Recommendations for Europe on SCADA patching” dated December 2013.

IEEE Computer article – “Does Security Trump Reliability”

The October 2013 issue of IEEE Computer magazine has an article titled “Does security trump reliability?” The question of security vs reliability/safety is a critical one for industrial control systems (ICSs). For ICSs, security and reliability are NOT equals - reliability and safety MUST win or the system doesn’t work and...

Three blind mice

Ironically, less than a week after the ICS Cyber Security Conference that NERC did not attend, NERC issued another set of Lessons Learned for three incidents. In each case, cyber communication issues resulted in system impacts.

Final Summary – 13th ICS Cyber Security Conference

Here are the highlights from Wednesday and Thursday of the 13th ICS Cyber Security Conference. The details are skimpy, because no recording is permitted.

Highlights from the 13th ICS Cyber Security Conference #pauto #NERC-CIPS #cyber #security #ICS

Highlights of the 13th ICS Cyber Security Conference including global attendance, Kaspersky's new Cyber Security Game, report of a major cyber incident in a utility, an ICS Honeypot, and "loss of integrity" incidents.

The 13th ICS Cyber Security Conference is sold out

Much to our surprise, we had to close the registration as there is no more “room at the inn”. The registration is almost entirely from private industry and international participants, as the budget battle in Washington prevented any of the usual government personnel from attending.