Next week look for our announcement of S4xJapan. Dates are set; venues are booked; and we have a great plan to make this a first of its kind event in Japan. Also, Japanese readers should check out digitalbond.jp. We finally found some quality translators fluent in Japanese, English and most importantly ICSsec. (The site itself needs some work, but our goal is to put up two Japanese articles a week.)
Darren Highfill is leaving his startup UtiliSec and joining PricewaterhouseCoopers (PwC) in Atlanta as a Director for their Advisory Group. PwC is one of many large consulting firms opening up or enlarging a ICSsec service offering. Justin Searle will continue with UtiliSec.
NEC has selected McAfee as the security partner for their industrial and factory automation solutions. Limited information in the press release but the main product appears to be McAfee’s Embedded Control, application whitelisting/HIPS for embedded devices.
Lot’s of private comments and emotional feedback on our story on the DNP3 User Group this week. No doubt the DNP3 User Group deserves high marks for adding Secure Authentication to the protocol and other quality output from the technical committee, as a number of readers pointed out. Other readers provided examples where TMW or the board were ignoring or breaking rules to their benefit. None of those transgressions though come close to the impact of burying the fact that most deployed DNP3 implementations using a vulnerable protocol stack. Asset owners need to get more involved; TMW needs to resign from one of the two board seats; and conflict of interest needs to be addressed going forward.
The Canadian Standards Association has released a draft standard titled “Cyber Security for Nuclear Power Plants and Small Reactor Facilities” for public comment. Registration (free) is required to access the topic, and you must use the somewhat annoying online viewing app rather than downloading the document.
Those still clinging to the idea that most RFID cards provide effective physical access control should watch the video of RFIDIer cloning some tags … well maybe only if you like to see how easy it is to do by typing commands and seeing results with CCR on in the background. Can’t wait to get our RFIDIer.
Michael Toecker will be teaching his one day class on Cyber Security for Power Generation in conjunction with the one day EnergySec course CIP v5 Foundations. The training is April 17-18 in Denver. Get the details and register now at the EnergySec site.
The Bipartisan Policy Center released a 76-page report titled Cybersecurity and the North American Electric Grid: New Policy Approaches to Address An Evolving Threat. No time to read and analyze it yet.
Two stories from the automotive world. First, Apple announced CarPlay, an application/interface that will allow you to connect your iOS devices into the car entertainment system. Ferrari, Mercedes and Volvo are early adopters, and there appeared to be differences in the quality of the integration based on reviews. Second, Computerworld reports “the next wave of cars may use Ethernet“.