Dark Reading reports this week on Bitsight Technologies security ratings for the utility industry. Bitsight scored the sector as second highest in security posture, with the financial industry rated first. This scoring is primarily based on the corporate network, not ICS. However, this does confirm that many utilities have capable IT security staffs that could help Operations if everyone played well together.
Based on congressional testimony, ICS-CERT is ramping up its free consulting practice. “ICS-CERT, in coordination with DOE and the Federal Energy Regulatory Commission (FERC), has also started an initiative dubbed ‘SAFEGUARD’ to assess the cybersecurity of major energy sector asset owners (e.g., electric and gas utilities, petroleum companies) to proactively understand the state of security. Customized services include cybersecurity assessments, network architecture reviews, network scanning to look for static indicators and indicators of adversary persistence and anomalies, and control systems network traffic visualization.” Hopefully the recipients of this taxpayer-funded consulting will be required to report on the remediation of identified risks, and ICS-CERT will be able to publish detailed but anonymized information.
The team at Shodan has put up an ICS Radar page showing where in the world Internet-connected ICS applications or devices have been found, along with some global statistics by protocol. John Matherly will also be presenting at ICSJWG next Wednesday.
The on-again-off-again 2014 edition of WeissCon is now firmly on, Oct 20-23 in Atlanta. This will be the first year the event is owned and run by Security Week, although Joe will still be heavily involved.
Ralph Langner and Perry Pederson will be presenting their RIPE Framework in DC on June 24th. Contact The Langner Group to register.
Navigant Research published some information indicating Demand Response might not be growing as expected. A court ruling on a FERC order and data from the PJM Interconnection are cited.