Unfettered Blog

What, exactly does the CIA know?

 has a very interesting and provocative discussion about the CIA disclosure at SANS last week. This is the second time SANS has made an unverifiable disclosure on control system cyber extortion. SANS needs to provide more detailed information not only to validate its authenticity but to provide enough information for i...

FERC plays Solomon with the NERC CIPs

The NERC critical infrastructure protection (CIP) reliability standards to protect the nation's bulk power system against potential cyber security impacts have drawn passionate partisans: those who believe they are sufficient (NERC and the utilities) and those who believe they are not adequate (Congress, control system experts, cyber security experts, etc.).

Control systems are isolated, not…

How isolated are control system networks? There is a prevailing view by many that corporate firewalls and DMZs provide adequate screening and protection to minimize "hits" on control system networks. Consequently, there is an expectation that control system firewalls (if they even exist) will see very little traffic.

Can you hack the grid from your home thermostat??

In California, we have 236 pages of state-mandated standards for building energy efficiency, known as Title 24. The proposed revisions to Title 24 include the requirement for a "programmable communicating thermostat" (PCT). Every new home and every change to existing homes' central heating and air conditioning systems will be...

And just how real is the cyber threat?

Last Friday, I met with an electric utility with combined cycle power plants. I mentioned the potential vulnerability of the electronic (cyber) link from the combustion turbine vendor to the utility. On Monday, I got the following e-mail: "Saturday after remotely tuning the unit, the combustion turbine vendor gave...

Here is where the difference lies…

. Here's what the blurb said: "Symantec™ Endpoint Protection: A unified, proactive approach to endpoint security Organizations today face a threat landscape that involves stealthy, targeted, and financially motivated attacks that exploit vulnerabilities in endpoint de...

What does it take for people to understand CONTROL SYSTEM cyber security?

I received the following message from Ron Southworth on my blog on nuclear power. "… The "Need to Know" ethos is very much part of the culture and understandingly so. Still, as you say there are common frames of reference within control systems regardless of the process that can benefit...

Nuclear plant cyber security - they still don't get it

There is still an "us" (nuclear) vs "them" (non-nuclear) approach being taken by the nuclear industry with respect to working with the non-nuclear community on control system cyber security. Specifically, the December issue of Nuclear News references a nuclear plant instrumentation and control system meeting specifically on cyber security that...

Telvent passes INL SCADA System Exam phase one

From the press release: Telvent's OASyS DNA 7.5 SCADA Successfully Concludes Its Initial Evaluation Stage Prime Newswire The Project Was Jointly Developed by Telvent, the SCADA System Examination Center At the U.S. Department of Energy and the Idaho National Laboratory December 19, 2007: 07:30 AM EST MADRID, Spain, Dec.

Digital Bond’s top ten…

Dale Peterson posted his Top Ten SCADA Security Stories for 2007, and #8 was the following: 8 Joe Weiss Unfettered Love him or hate him, Joe Weiss moving from KEMA to form his own company, Applied Control Solutions, and more importantly become