Friday News & Notes

DHS ICSJWG is starting a new Standards subgroup “to identify current industrial control systems security standards that exist, assess and evaluate a relevant set of baseline control systems standard requirements, and create and maintain a catalog of timely...

What ICS-CERT Is and Isn’t

When ICS-CERT was created I expected a lot more. I expected analysis and insight from skilled ICS security experts. The reality is ICS-CERT is merely a coordinator of communication between vulnerability finders and the vendor. ICS-CERT Alerts and Advisories simply...

S4x13 Video and Schneider / Gervais / ICS-CERT

Note: I have two posts going up tomorrow on ICS-CERT and DHS. The first is on what ICS-CERT actually does vs. expectation and lore. The second is reaction to the DHS Office of Inspector General (OIG) report on DHS’s performance in securing ICS. Yesterday...

Defense in Depth Misunderstood & Misapplied in ICS

Key Defense in Depth Principle: Don’t rely solely on the security perimeter(s). Secure the assets inside the perimeter to withstand attacks. As we have covered ad nauseam on this site and clearly demonstrated in Project Basecamp, almost all PLC’s,...

Friday News & Notes

Mark Clayton of the Christian Science Monitor broke the story of a 6-month spear phishing campaign on 23 gas pipeline companies. “Sensitive files were stolen that could give a cyberintruder the ability to control, or alter the operation of the pipelines,...

The Case Against A Risk-Based Approach

Ralph Langner’s paired with Perry Pederson for his first major paper at the Brookings Institution – Bound To Fail: Why Cyber Risk Cannot Be “Managed” Away. The authors write “The sober reality is that in respect to the cyber security...

Friday News & Notes

For the second week we have a story that dwarfed all others and led to a flurry of mainstream press interest — of course it is Mandiant’s Whitepaper on APT1. The related inside-baseball story I’m waiting for is how much all of this has been...

Electricity Market 101

A lot of Digital Bond readers are not electric power professionals, so I figured some 101 on the electricity sector might be appropriate. One of the more fascinating, and least understood even by power professionals, aspects of electric power is the electric power...

Friday News & Notes

Of course the big story was President Obama’s Executive Order Improving Critical Infrastructure Cyber Security with the key elements being information sharing and the development of the cybersecurity framework. The biggest potential impact is a possible...