SCADA Security News

DHS ICSJWG is starting a new Standards subgroup “to identify current industrial control systems security standards that exist, assess and evaluate a relevant set of baseline control systems standard requirements, and create and maintain a catalog of timely and actionable control systems cybersecurity requirements for use by standards development organizations.”

A timely example this week of an ICS vendor doing a great job on actually fixing a vulnerability and disclosure. Read the comment from Emerson’s Jeff Potter on the Chemical Facility Security News blog.  Joel Langill found a vuln in the Delta V MD series controller. Emerson investigated and self reported the same vuln was in the SD series. Emerson sells a firewall that blocks this attack, but rather than say buy our firewall (subtle jab at Honeywell? and the Siemens approach) they fixed the problem. Nice job Emerson.

Samuel Linares has put together a team to form Centro de Ciberseguridad Industrial, a non-profit aimed at improvement of ICS security in Spain and Latin America. Obviously the content is in Spanish, and a good Spanish language ICS security site is helpful.

OWASP started a SCADA Security Project page on March 1st. Not much info on the page yet except that Andrey Komarov is listed as the Project Leader.

First there was the Chertoff Group. Now we have former DHS Secretary Tom Ridge and Former White House Cyber Czar Howard Schmidt forming Ridge Schmidt Cyber LLC.

DHS is ten years old. A Senate Hearing this week, A Progress Report on Management, was postponed.

Tweet of the Week

[blackbirdpie id=”309831108244144128″]

Don’t forget to subscribe to this blog RSS feed and follow on twitter.

Worth Reading Articles

Critical Intelligence’s ICS Security Event Calendar Updates

Critical Intelligence provides reports and other information products on  Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by chrisinplymouth