Discussions with Joe Weiss and reading his recent blog entry have me thinking. While I don’t agree with his assessment of the value of the current CIP standards as written, he might be on to something with potential disharmony between FERC’s expectations...
A few new fronts are emerging in the battle between physical and logical separation of SCADA WANs. When we perform assessment and architecture projects we always ask if there are any new applications or changes expected in the near future. Increasingly we hear...
We are increasingly running into situations where asset owners are cobbling together multiple security controls to enable unnecessary and risky functionality they would never have considered in the past. The most common example is providing the ability to manage and configure...
I’m prepping for my podcast interview with Joe Weiss on security awareness in control systems and came across one point that didn’t make the cut, but is still interesting. Some people in the community get very upset when SCADA is used as a term to cover...
Assessing the security posture of an asset owner’s SCADA or DCS typically does not involve looking for new, zero-day attacks. Instead, it focuses on identifying protection against known vulnerabilities, as well as good practice configuration and implementation,...
This is a fascinating real-world case study and an example of why protocol stack security and reliability is so important. From an NRC report dated April 17, 2007: On August 19, 2006, operators at Browns Ferry, Unit 3, manually scrammed the unit following a loss of both the...
Many SCADA and DCS vendors are integrating their applications with Microsoft’s Active Directory. There are some benefits to this: Control system vendors no longer need to develop and maintain a user management system and other directory services (typically not a...
We just finished a series of SCADApedia entries on security in Rockwell Automation (RA) controllers and software applications. The ControlLogix PAC (powerful PLC) is a prime example of why we are fans of the simple, little IEEE P1686 standard effort. The Logix family...
I’m not going to pick a winner this early, but two factors will determine the winner if history is any guide. 1) The better management system: Check Point dominated the firewall market for a very long time primarily based on the ease of use and power of their...
I was waiting for something to inspire the March Monthly Checkup topic and the OPC Server Vulnerability Notes / Patching discussions came through just in time. Here are your check-up tasks for this month: 1) Verify management accepts the risks and approves your...