From SANS Bites…

Dec. 12, 2007
The following is from SANS Bites 12.11.2007 with my comments boldfaced :  [Editor's Note (Paller): This is a stunning development. NERC's cyber security standards were coming to be seen as almost totally ineffective (That statement is wrong- the industry has been fighting tooth and nail to justify and keep the NERC CIPs as written). FERC's action will immediately shift industry action ...
The following is from SANS Bites 12.11.2007 with my comments boldfaced :  [Editor's Note (Paller): This is a stunning development. NERC's cyber security standards were coming to be seen as almost totally ineffective(That statement is wrong- the industry has been fighting tooth and nail to justify and keep the NERC CIPs as written).FERC's action will immediately shift industry action from NERC's focus on compliance to a new focus on actually improving security and proving the work is done.  Kudos to Chairman Langevin and Ranking Member McCaul of the House Homeland Security Subcommittee on Emerging Threats and Cyber Security whose recent hearings illuminate the problems at NERC. Without their leadership, and the active efforts of Mike Peters at FERC, this important action would not have happened until after a major catastrophe. How to navigate the new rules will be a key topic at the SCADA and Control System Security Workshop in January in New Orleans.(First we had the NERC CIP Workshops telling utilities how to circumvent the intent of the industry cyber security standards. This has been followed by multiple conferences on how to be compliant with the NERC CIPs with no thought to actually improving the security of the facilities. Now SANS who knows little about control systems is going to provide help. Where are the utilities going to turn to get useful, factual advice that will actually secure control systems???) Joe Weiss

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.