I posted this earlier on the new SCADASEC listserv and I thought it deserved a wider audience.... If what you are doing is SCADA security, instead of IT Enterprise security, I would like to offer two observations. The first is that SCADA security has a somewhat different purpose than enterprise security.
I had a meeting with a vendor who is not a control system vendor but is working on control system security. Last year they participated in a webinar when the question was asked what control system cyber events have occurred.
date is set for August 4-7 at the Marriott Burr Ridge Conference Center near Chicago. Since 2004, the Control System Cyber Security Workshop has been held in early August. The reason for the date was to avoid IEEE, ISA, PCSF, DCS and SCADA User group meetings which generally are...
As noted in a previous blog, I was assured the CIA announcement on the overseas control system cyber attacks was indeed real. The announcement spawned an immense amount of smoke and/or fire- real or fear mongering - as there were essentially no details provided.
Last week at Distributech in Tampa it was interesting to see the dichotomy between many of the HMI suppliers (SCADA) and field device suppliers (PLCs, RTUs, IEDs, smart transmitters and drives, etc.). SCADA and DCS vendors have recognized the need for securing the Windows or Linux-based HMI.
I am pleased to announce the 2008 Applied Control Solutions Control System Cyber Security Conference will be held August 4-7, 2008 in Burr Ridge, IL (Chicago area). Argonne National Laboratory, one of the national laboratories working on critical infrastructure protection, will co-host this year's event with a focus on interdependencies.
I posted this earlier today on the A-List at www.control.com in response to a question about the veracity of the CIA report at SANS: Joe Weiss (www.controlglobal.com/unfettered) and I believe the CIA report to be credible. Why we believe that is not for this public forum. Sorry to be mysterious.
News from Tampa
From the press release:
has a very interesting and provocative discussion about the CIA disclosure at SANS last week. This is the second time SANS has made an unverifiable disclosure on control system cyber extortion. SANS needs to provide more detailed information not only to validate its authenticity but to provide enough information for i...