NIST Released New Draft Outline of Cyber Standard #pauto #critical-Infrastructure #automation #cybersecurity #hacking
NIST Releases Draft Outline of Cybersecurity Framework for Critical Infrastructure
What precipitated this blog was a NERC employee trying to discourage a utility from participating in an Aurora hardware demonstration. Based on the facts below, I would posit that the NERC CIP approach has not improved the reliability of the electric grid from cyber threats and may have actually made...
As an engineer, I have been brought up to work with number, physics, and logic. As a control systems engineer, I have brought up to focus on reliability and safety - we want the process to work and not to hurt people.
I am aware of a utility having just performed a SCADA upgrade with a major SCADA supplier. The previous version was not secure. Part of the upgrade process was to secure the new version. Following the completion of the upgrade, the vendor is remotely accessing the live SCADA system and...
Critical infrastructures include water, oil/gas, pipelines, chemicals, manufacturing, telecommunications, transportation, etc. Their continued operation requires the electric utility industry to be available. However, the electric utility industry is also a cyber threat to all of those end-users. That threat is Aurora.
Mark Sparkman is a former senior officer with the CIA's National Clandestine Service, and is now a senior international affairs analyst with the RAND Corporation. He wrote this article: The Real Cyber Threat, for CNN http://www.rand.org/commentary/2013/05/21/CNN.html.
ICS Cyber Security is still not understood by the IT community - and it is hurting critical infrastructure
May 8, 2013 Cheri McGuire, Symantec's Vice President, Global Government Affairs & Cybersecurity Policy testified to the Senate Judiciary Subcommittee on Crime and Terrorism hearing. She stated: "In my testimony today, I will provide the Subcommittee with our latest analysis of the threat landscape as detailed in the just-released Symantec...
December 2011, I attended the POLCYB meeting in Los Angeles. A major pharmaceutical manufacturer attended. The pharmaceutical representative mentioned they had not addressed ICS cyber security as they had simply not considered it and there was no regulatory driver.
SELLERSVILLE, PA (May 9, 2013) --exida, an accredited global Certification Body, has discovered a counterfeit certificate falsely claiming that a product meets the functional safety requirements for Safety Integrity Level (SIL) 3 capable per IEC 61508.
Dale Peterson wrote a blog at www.digitalbond.com stating that "People Are Not THE Answer" to ICS cyber security. I disagree with Dale and have frequently stated that the 75% silver bullet for ICS cyber security is appropriate policies, procedures, training, and architecture.