About that CIA disclosure…

Jan. 25, 2008
I posted this earlier today on the A-List at www.control.com in response to a question about the veracity of the CIA report at SANS: Joe Weiss (www.controlglobal.com/unfettered) and I believe the CIA report to be credible. Why we believe that is not for this public forum. Sorry to be mysterious. CIA is not the only agency of the US Government that takes this position. And much of the US Government is ap...
I posted this earlier today on the A-List at www.control.com in response to a question about the veracity of the CIA report at SANS: Joe Weiss (www.controlglobal.com/unfettered) and I believe the CIA report to be credible. Why we believe that is not for this public forum. Sorry to be mysterious. CIA is not the only agency of the US Government that takes this position. And much of the US Government is apolitical, in case you want to go there. There are in fact documented cases of cyber incidents in power, water, and wastewater utilities. There have been documented cases of cyber incidents in a variety of process and discrete manufacturing industry verticals. Is this issue real? Yes. Joe will again hold his Realtime ACS Cyber Security Conference this August (the 8th since he started doing it, the second since he left KEMA and started ACS). For info, see www.realtimeacs.com. You can also read Joe's testimony before the congressional committee that held hearings late last year on the subject. Just search "Unfettered" (www.controlglobal.com/unfettered) for the blogposts where we published it. It is real enough that in April of 2006, a group of vendors and end users including Honeywell, Invensys, ABB, Siemens, Exxon, Chevron, Shell, and others (myself, Eric and Joanne Byres of Byres Security, etc.) formed an ad hoc group to work on creating a consortium to produce compliance testing in parallel with ISA's SP99 Cyber Security Standard Committee and NIST. This has become the ISCI (www.isa.org/ISASecure/) ISA Security Compliance Institute. In fairness, it must be said that the CEOs of the North American power utilities disagree with Joe, myself, Eric Byres, the CIA and others. It remains to be seen whether we are alarmists or they are ostriches.

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Why should American-Made Products be a top priority?

Within this white paper, Shalabh “Shalli” Kumar, founder of AVG Advanced Technologies, stresses the importance of prioritizing American-made products to safeguard the country'...