ICS Security News

This week the third workshop trying to put together a US Cybersecurity Framework, as required by President Obama’s Executive Order, was held in San Diego. You could grab some of the flavor by following #NISTCSF or spend more time watching the webcast. I have yet to see or hear anything that warrants allocating time to this effort. There is plenty of better and more applicable voluntary ICS security guidance.

DEF CON asked the US Government to stay away this year due to all the eavesdropping and offensive cyber efforts. Quite a change from last year, when the Director of NSA gave a keynote. Feds are welcome at S4x14 as they are the leaders in ICS cyber weapons.

Cimation acquired Calgary-based Synergist SCADA, Inc., a fellow boutique ICS security consulting practice. Congratulations to Austin and the team there. First Dillon Beresford and now Synergist SCADA; Cimation is gathering some talent.

A much larger potential acquisition is the Schneider Electric offer to purchase Invensys. Schneider bought Telvent only two years ago.

SANS has a call for papers out for their ICS security summits in Singapore (Dec 2-3) and Orlando (Mar 17-18). I spoke at the Orlando event this year and found the agenda to have improved with Mike Assante and a few others from the ICS world taking a larger role in program development.

ICSJWG, you have been bested in the worst acronym contest. The US Department of Energy announced ONG-C2M2 (Oil and Natural Gas – Cybersecurity Capability Maturity Model). It “will create a tool that allows owners and operators to assess and prioritise their actions and investments to improve cyber security.”

Toshiba continues to make smart grid acquisitions. The latest is Austrian company cyberGRID. “cyberGRID provides solutions in both areas with Virtual Power Plant (VPP), which matches electricity consumption with a variety of distributed generation.”

The EnergySec agenda is out. Michael Toecker will be presenting “Integrating Cyber Security Alerts into the Operator Display”.

Tweet of the Week

there are a ridiculous number of people googling “definition of holistic cyber security”

— Jack Whitsitt (@sintixerr) July 10, 2013

or

Regulation breeds “innovation” solely aimed at getting around regulation, stifles breakthroughs. — Tom Peters (@tom_peters) June 19, 2013

Worth Reading Articles

  • Tom Aldrich’s detailed recommendations for a rewrite of CIP-002, Part 1 and Part 2

Critical Intelligence’s ICS Security Event Calendar Updates

Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.

Image by chrisinplymouth