Category: cybersecurity Aurora vulnerability Cyber Week in Review SCADA AWWA Ferc ISA99 Smart Grid ACS Water Sector Coordinating Council WSCC SCADASEC Citect Vulnerability Metasploit
Submitted by Joe Weiss on Mon, 09/15/2008 - 10:53
A number of activities occurred over the past 2 weeks.
Category: cybersecurity Aurora vulnerability Nuclear Plants Dale Peterson Turkey Point incident commentary NIST SP800-53 Olympic Pipeline Company SCADA security Bellingham Olympic Pipeline incident Digital Bond Bandolier Hatch2 incident Maroochyshire Browns Ferry Florida Outage
Submitted by Joe Weiss on Sat, 06/07/2008 - 14:43
Bandolier: Is half way there good enough? I want to specifically respond to Ralph Langer’s comments from my blog post on Severity Levels. Ralph posted, “While I agree in general that severity cannot be established without context, experience tells me that such context can hardly be established by any kind...
Category: ISA99 Aurora vulnerability INL 2008 ACS Conference Applied Control Solutions Conference Cybersecurity Conference Bellingham Olympic Pipeline incident Digital Bond Bandolier CS2SAT
Submitted by Joe Weiss on Thu, 05/29/2008 - 13:01
What do severity ratings REALLY mean? I read a blog on Digital Bond’s Bandolier project (www.digitalbond.com,
Submitted by waltboyes on Fri, 04/25/2008 - 07:04
Training the Bad Guys Dale Peterson’s April 22nd blog had the following: “Jason Larsen’s presentation on SCADA and Control System hacking from Blackhat Federal 08 is now available.” There has been a prevailing view that control systems are secure because they are so arcane and obscure.
Category: NERC cybersecurity Aurora vulnerability Nuclear Plants NERC CIPS cyberterrorism NEI-0404 NIST SP800-53 DHS LOGIIC Program
Submitted by Joe Weiss on Mon, 03/31/2008 - 13:23
I read about, or attend, government programs, industry programs, and industry conferences that purport to have solutions for “SCADA security”. All I can do is shrug my shoulders. There are several fundamental issues that have not yet been addressed: - There is still a dreadful lack of understanding about legacy...
Submitted by Joe Weiss on Fri, 02/29/2008 - 12:09
Substation equipment and cyber issues Much has been written about what did, didn’t, or could have happened with the recent Florida blackout. Any potential terrorism issues would be physical and/or cyber. Physical terrorism is generally visible and can be ruled in or out fairly quickly.
Submitted by Joe Weiss on Tue, 01/08/2008 - 11:31
How real is cyber? Last Friday, I met with an electric utility with combined cycle power plants. I mentioned the potential vulnerability of the electronic (cyber) link from the combustion turbine vendor to the utility. On Monday, I got the following e-mail: "Saturday after remotely tuning the unit, the combustion...
Submitted by waltboyes on Tue, 12/18/2007 - 11:59
The old security adage is that you are only as secure as the weakest link in the chain. ABB, the leading international power and automation technology group, announced that twelve of its utility partners have formed a consortium spanning two continents to privately fund advanced research and testing into securing...
Submitted by Joe Weiss on Fri, 12/14/2007 - 08:17
Regarding the FERC Letter on Aurora and industry misstatements
Submitted by Joe Weiss on Fri, 12/07/2007 - 10:11
Next Thursday, the NERC Critical Infrastructure Protection Committee (CIPC) will have a session on Aurora - the Idaho National Lab demonstration of destroying a diesel generator via a cyber attack. The session will include utilities and vendors.