The Department of Energy issued an update to their Cybersecurity Procurement Language for Energy Delivery Systems. Useful document if you are working on an ICS RFP. Will they develop an Appendix that will map the requirement statements to NIST CSF sub-category requirements?
Congratulations to John Cusimano who has left Exida to run the new Industrial Cybersecurity business line at aeSolutions. John has been very active in ISA99 and with Exida’s test lab work related to ISASecure.
Red Tiger has a worth reading article reminding us that the RFID prox cards widely used for physical security are easily cloned. There is a lot of misplaced confidence in the effectiveness of this solution against a moderately skilled adversary.
The new Industrial Defender, now part of Lockheed Martin, website is instructive of where they see the market heading. Right on the home page they list their view of the 3 challenges: Cybersecurity, Compliance and Change Management. This may be reflective of what is driving ICS security sales, although not necessarily in that order.
Consolidation in the energy automation sector continues. Siemens may be spurned by Alstom, but now they are looking at Rolls Royce gas turbine and compressor business.
Cesar Cerrudo at IOActive wrote an article on Hacking Control Systems. My favorite line “the vendor said that since the devices were designed that way (insecure) on purpose, they were working as designed”. Welcome to insecure by design Cesar.
SecurityWeek followed up their recent purchase of WeissCon by acquiring Jeffrey Carr’s Suits and Spooks. It will be interesting to see how those events change. I know Joe and Jeff put in huge efforts in every aspect of these events to make them what they were.
So is the ICS world relieved now that Microsoft issued a patch for the IE browser on XP?