SCADA Security News

Siemens had a webinar and put out more information on the security features integrated into the S7-1500 PLC. The features offer some important integrity protection if the Siemens development team implemented them properly. The videos on the site are high level only so it’s too early to say, but we will gather and put out more information shortly.

Nivis announced they will release their ISA100.11a and WirelessHART protocol stacks as open source.

The second workshop on the new US Cybersecurity Framework will be held May 29-31 at Carnegie-Mellon in Pittsburgh. The first morning begins with a NIST analysis of submitted comments, followed by workshops the remaining 2.5 days. The comments are available on this page.

The Japan Times reports that South Korea’s state run operator of nuclear plants has “separated its internal computer network from the Internet … also completely divided its nuclear plant control systems from its internal computer networks and restricted both systems’ access to the Internet, while USB ports of the plant control systems have also been sealed.” A wise move, but hopefully it did not take the recent N. Korea provocations to separate the internal computer network from the nuclear control system.

In the US, FERC proposed to accept the NERC CIP Version 5 standards and bypass, or severely limit the time in force, Version 4. The industry and regulators are almost unanimous that this is a wise plan.

Patrick Coyle continues his stellar coverage of US cybersecurity legislation with an entry this week on three bills passing in the House. It looks like multiple cybersecurity laws will be signed this year, but whether they will do more than allow Congress and the President to say they did something is an open question.

On his trip to Asia, US Secretary of State John Kerry announced the formation of “cyber working groups” with Japan and China. These would seem to be two very different working groups based on the status of these bilateral relationships.

Tweet of the Week

Pass this week

Don’t forget to subscribe to this blog RSS feed and follow on twitter.

Worth Reading Articles

Critical Intelligence’s ICS Security Event Calendar Updates

Critical Intelligence provides reports and other information products on  Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by chrisinplymouth