Unfettered Blog

DHS S&T and ICS Cyber Security – What's holding up DHS S&T

August 22nd, the DHS Cyber Security Division held the Transition to Practice Technology Demonstration for Investors, Integrators and IT Companies in San Jose. To great fanfare (it was on local radio and TV) there were 8 cybersecurity technologies being showcased. NONE were directly relevant to control systems!

Hard hat vs Black hat - the hype versus reality

The issue of critical infrastructure protection, or control system cyber security, is getting to be more popular with the mainstream IT community as demonstrated by the number of presentations at Black Hat. The issue is really separating the real issues from the hype.

Insurers' role in ICS cyber security - is there one?

We had assumed that insurers were taking the risk of ICS cyber security seriously. We also thought this could be the driver to get end-users to actually secure their ICSs. Consequently, we intended to have a session on insurer's role in ICS cyber security at the 2013 ICS Cyber Security...

Will the NIST approach to the Executive Order actually support Industrial Control Systems (ICSs)?

I have been involved with NIST to one degree or other on ICS cyber security since 2000 and on other technical issues long before that. I have done this as I firmly believed NIST was the best independent organization to be able to develop ICS cyber security standards.

Will a control system cyber security framework really get organizations to collaborate

Electrons do not have organization charts. Neither do hackers. Unfortunately people and organizations do. As a result of the second utility willing to engage in an Aurora demonstration project, an issue arose about the cyber security of the devices used in the transformer controls.

NIST Released New Draft Outline of Cyber Standard #pauto #critical-Infrastructure #automation #cybersecurity #hacking

NIST Releases Draft Outline of Cybersecurity Framework for Critical Infrastructure

Who is the greater threat to reliability of the electric grid - NERC or the hackers?

What precipitated this blog was a NERC employee trying to discourage a utility from participating in an Aurora hardware demonstration. Based on the facts below, I would posit that the NERC CIP approach has not improved the reliability of the electric grid from cyber threats and may have actually made...

What does it take to get engineering back into security?

As an engineer, I have been brought up to work with number, physics, and logic. As a control systems engineer, I have brought up to focus on reliability and safety - we want the process to work and not to hurt people.

How can a major SCADA vendor be this clueless

I am aware of a utility having just performed a SCADA upgrade with a major SCADA supplier. The previous version was not secure. Part of the upgrade process was to secure the new version. Following the completion of the upgrade, the vendor is remotely accessing the live SCADA system and...

A major cyber threat to critical infrastructures is from ... the electric utilities

Critical infrastructures include water, oil/gas, pipelines, chemicals, manufacturing, telecommunications, transportation, etc. Their continued operation requires the electric utility industry to be available. However, the electric utility industry is also a cyber threat to all of those end-users. That threat is Aurora.