Where do you go to get the right guidance when an ICS cyber incident hits

Last year when Stuxnet was first disclosed, the initial guidance given would have done great harm to the Siemens PLC. The appropriate guidance for the PLC still hasn’t made its way to the appropriate end-users.  When you look at all of the articles on Stuxnet, it is very apparent that those with adequate understanding are still few and far between.  Yesterday, an integrator in Brazil made a call for help on SCADASec because his client’s plant has been infected by the Conficker worm. The responses from SCADASec readers were all over the map with much of the guidance at odds.  Because there are no certifications for control system cyber security, anyone can be an “expert”. Who does he believe? This is certainly a subject for discussion at the September ACS Conference.

Joe Weiss

Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.

Comments

  • <p>Well I don't think that the right guidance should be hard to find, given that there are not very much more than ten dedicated ICS security contractors on the planet, including ACS. Certainly those ten will not provide guidance for free, which is what many still seem to expect. </p>

    Reply

RSS feed for comments on this page | RSS feed for all comments