Are ICS vendors really to blame for insecure systems?

The  linked-in site, Cyber Security Forum Initiative, has the following thread: “Unfixed SCADA security holes are growing.
April 23, 2012
2 min read
The  linked-in site, Cyber Security Forum Initiative, has the following thread: “Unfixed SCADA security holes are growing. Should Vendors be made accountable for hacks to their unpatched SW?”. The implication is that vendors aren’t interested in securing their legacy products. I cannot speak for all ICS vendors, but I do know that many ICS vendors supporting the electric industry are frustrated. This is because many utilities are concerned with NERC CIP compliance to the exclusion of actually securing their legacy control systems. This is because the utilities may not be required to actually secure these systems to be NERC CIP compliant (isn’t that crazy?).  A domestic utility has been willing to act as a test bed for actually SECURING LEGACY ICSs for RELIABILITY considerations. Many ICS vendors I have contacted will be working with the utility to determine how to secure these legacy systems. The lessons-learned from the utility and the ICS vendors will be presented at the 12th ICS Cyber Security Conference the week of October 22nd.

The other concerns with the thread are responses to Aurora and the Idaho National Laboratory (INL) test that are wrong. The Aurora misconceptions and the lessons-learned from a hardware-implementation program will be presented by the utility and sponsoring government organization at the 12th ICS Conference. As Aurora can affect almost all substations, this presentation should be of value to all US utilities since the results of this hardware mitigation plan can reasonably be expected of all US utilities.

Joe Weiss

About the Author

Email

Joe Weiss

Cybersecurity Contributor

Joe Weiss P.E., CISM, is managing partner of Applied Control Solutions, LLC, in Cupertino, CA. Formerly of KEMA and EPRI, Joe is an international authority on cybersecurity. You can contact him at [email protected]

Sign up for Control eNews
Get the latest news and updates

Related

Phillips 66 digitalizes SIS management
Prep to paint the analytics room
Boost Sludge Thickening with Real-Time Metrics
Sponsored
Reliable Instrumentation for Carbon Capture
Sponsored