Many of the large electric and oil/gas asset owners either have purchased a Security Event Manager (SEM) or use a managed security service provider (MSSP) for monitoring security on the enterprise network. Now that we have identified meta security events occurring in...
A few friends have pointed out we need to come up with a project name or acronym for our DoE research contract project. Suggestions would be welcome. There are three parts to this project, and all are described in more detail in the Project Narrative. Compliance...
We are thrilled to announce that Digital Bond was one of five companies selected for negotiation of awards of up to $7.9 million in DOE funding to develop and integrate technologically advanced controls and cyber-security devices into our electric grid and energy...
Representatives from NERC, Joe Weiss and a couple of other experts will be testifying tomorrow to a subcommittee of the House Committee on Homeland Security. Of course as nothing more than a researcher/consultant/humble blogger I was not asked to testify, so...
The 90’s were filled with hope on the IT / SCADA front. Asset owners could save money by just moving to the Windows platform. Put web servers in most systems so the browser is the easy to use, universal GUI. Connect everything so information can be used...
Wireless for control systems has been a hot topic for a few years now, and recently we have been treated to the efforts of different groups, i.e. ISA 100 and WirelessHart, to develop a standard that includes security. Which leads to the question how does the use of...
Frustration building . . . must keep civil tone . . . another silent fix in widely used control system application passes by our doorway . . . This site has had a running series of blog entries on vulnerability disclosure including discussions on the dangers of the...
It is so disheartening. Secure By Default is a straightforward and critically important security concept. The default settings for a device or application should be secure settings so an administrator must turn off security to weaken rather than turn on security to...
The headline on this blog is hardly shocking, but software quality does not get enough attention in the control system community. We now have three strong data points that show all OPC servers are not created equal. 1. The latest is Landon’s work to verify...
There’s been a delay in releasing the final paper of the three part OPC Security Whitepaper series as the paper has been going through some extensive testing. Our initial testing was with a limited amount of servers as a large amount of OPC servers exist and...
