Cyber security is still not well understood in the Power Industry

On Tuesday, the Power Engineering E-Newsletter had the following headline: Siemens to Design 400 W IGCC Plant. However, nowhere in the newsletter was the Siemens PLC cyber vulnerability mentioned. When I mentioned this to the editor, he had not heard about the Siemens vulnerability. This is not to denigrate Power Engineering as much as it is to say that sensitivity about cyber issues has really not made its way into the power generation industry. To show this is not a power generation issue, IEEE issued the draft standard P1547.4/D10.0 1 Draft Guide for Design, Operation, and Integration of Distributed Resource Island Systems with Electric Power Systems with balloting ending April 17, 2010. The draft standard addresses microgrids in electric power systems and provides alternative approaches and good practices for design, operation, and integration. The document is intended to provide an introductory overview and address engineering concerns of distributed resources. It includes loss of communications. However, it does not mention cyber security even once. Next week at Black Hat, there will be a demonstration of hacking VxWorks. For those not aware of VxWorks, it is arguably the most popular operating system in field devices. Get ready for further fireworks.
Joe Weiss