Unfettered Blog

Process Control Safety System Hack

One of the highlights of the Applied Control Solutions August Control System Cyber Security Conference will be a demonstration of a cyber attack on a typical process control safety system. The attack will traverse a firewall faulting both a typical controller and safety system without an indication at the operator...

Some observations on the differences between enterprise and SCADA security

I posted this earlier on the new SCADASEC listserv and I thought it deserved a wider audience.... If what you are doing is SCADA security, instead of IT Enterprise security, I would like to offer two observations. The first is that SCADA security has a somewhat different purpose than enterprise security.

Why domain expertise isn’t important in cybersecurity—not.

I had a meeting with a vendor who is not a control system vendor but is working on control system security. Last year they participated in a webinar when the question was asked what control system cyber events have occurred.

Are you a black hat or a white hat– ACS’ conference timing gives you a choice

date is set for August 4-7 at the Marriott Burr Ridge Conference Center near Chicago. Since 2004, the Control System Cyber Security Workshop has been held in early August. The reason for the date was to avoid IEEE, ISA, PCSF, DCS and SCADA User group meetings which generally are...

More on the CIA announcement and culture issues

As noted in a previous blog, I was assured the CIA announcement on the overseas control system cyber attacks was indeed real. The announcement spawned an immense amount of smoke and/or fire- real or fear mongering - as there were essentially no details provided.

The dichotomy between HMI and field devices

Last week at Distributech in Tampa it was interesting to see the dichotomy between many of the HMI suppliers (SCADA) and field device suppliers (PLCs, RTUs, IEDs, smart transmitters and drives, etc.). SCADA and DCS vendors have recognized the need for securing the Windows or Linux-based HMI.

2008 Applied Control Solutions Control System Cyber Security Conference

I am pleased to announce the 2008 Applied Control Solutions Control System Cyber Security Conference will be held August 4-7, 2008 in Burr Ridge, IL (Chicago area). Argonne National Laboratory, one of the national laboratories working on critical infrastructure protection, will co-host this year's event with a focus on interdependencies.

About that CIA disclosure…

I posted this earlier today on the A-List at www.control.com in response to a question about the veracity of the CIA report at SANS: Joe Weiss (www.controlglobal.com/unfettered) and I believe the CIA report to be credible. Why we believe that is not for this public forum. Sorry to be mysterious.

Signals from Distributech, and Joe believes the CIA

News from Tampa

ISA Selects Wurldtech As Service Provider For New Industrial Cyber Security Tool

From the press release: