After reading the announcements and hearing the presentation from Wurldtech and Shell at ICSJWG, I was eager to read the WIB document Process Control Domain Security Requirements for Vendors. My understanding going in was this document was going to provide Vendors...
After 6 years considering security for control systems I have came to the conclusion that there is very little security in control systems. Sure we can take measures to tighten up the security of the PCs and devices that compose the system, but given the number of...
We do a lot more work in the generation and transmission side of the electric sector so Distributech is always a welcome show to learn more about the distribution side. And of course this year Smart Grid dominated the show. One very clear positive result from the NERC...
As I have started the code for using Portaledge to meet NERC CIP requirements some other security benefits from this process have become apparent. These benefits help to improve security by; creating data redundancy, and by leveraging the log data through the...
I have always admired the comments of Michael Toecker on our site and elsewhere, and offered him the opportunity to write an occasional blog entry here when he has something to say. Here is the first of hopefully many from Michael. Many asset owners in the energy...
Charles and I have generated a set of functions, scripts and documents for producing normalized Security Event Monitor (SEM) output and integrating the output with SEMs. Our target for this release was Tenable’s Security Center but the concepts and output will...
The SheevaPlug 3.0 is a full PC in a tiny package. Featuring a 2 ghz Armada cpu, built in micro HD, usb, Wi-Fi, hi speed ethernet and blue tooth in an about 2″x3″ “plug in” form (no bigger than a lot of laptop power supplies) the SheevaPlus...
A few days ago a friend of mine shared out an old editorial about lifeboats, parodying the objections to civil defense programs in the early 60s, from the Harvard Crimson. People haven’t changed much. The same type of arguments brought up time and time again...
As I read the twelve initiatives of the CNCI, I was looking for its strong and weak points. However, I couldn’t help but think about the level of effort that was required to produce these nice words on these general thoughts. Is this document and the program...
A new video out of Rutgers University demonstrates remote control of a rootkit infected open source Linux based smart phone that allows the attackers to use the phone as a listening device without the user being aware that the phone is communicating. While not a new...
