3 Apr 2012 | 2012
Bryan Owen and Ralph Langner had great comments on our recent NERC CIP, Non-US Utilities and Security article. Here is an extended version of my response and comment. NERC CIP has certainly provided some useful data points and leads to what I...
2 Apr 2012 | 2012
I’ve been wanting to go to the Workshop on the Economics of Information Security (WEIS) for a decade now. This year it is in Berlin so I’m registered, committed with plane tickets in hand for WEIS 2012, June 25-26. Economics of Information Security is...
2 Apr 2012 | 2012
Sometimes it helps to escape the bubble to get new information and fresh thoughts. Below are three recent information points and four observations on regulation and real security after a long trip outside the US. Some of the observations are not new, but they are big...
27 Mar 2012 | 2012
Cybersecurity for Industrial Control Systems by Tyson Macaulay and Bryan Singer. Auerbach Publications, 203 pages. I had high hopes for this book since Bryan Singer is very experienced in ICS, ICS security and IT security — and Bryan and...
13 Mar 2012 | 2012
The ISA 99 Security Committee has been hard at work on writing Security Assurance Levels (SAL) into the ISA / IEC standard. It’s been slow going and difficult work, and may prove to be impossible for this committee. The idea of a SAL came from many in the...
8 Mar 2012 | 2012
More information from Japan. As mentioned earlier this week, the Japanese Ministry of Economics, Trade and Industry (METI) has stepped up efforts on ICS security. The trigger was a malware infection spread by email of Mitsubishi Heavy Industries reported in 2011....
6 Mar 2012 | 2012
Over in Tokyo this week visiting customers and old friends, and it’s good to see the level of interest and concern in ICS security is growing. Like the US and rest of the world there still is a long way to go. A high percentage of the Japanese critical...
5 Mar 2012 | 2012
Loyal blog readers should watch last night’s 60 Minutes segment on Stuxnet, some of the web extras, and an interesting Overtime segment with Dillon Beresford. You won’t learn much that is new to you, but you will be able to answer questions and comment when your family...
1 Mar 2012 | 2012
SCADA and DCS foster an engineer hero culture. The plant, pipeline or process is not operating properly. The one or two individuals, almost always guys who have 15+ years experience in the plant, are able to troubleshoot the problem, make a change on the fly, and get...
29 Feb 2012 | 2012
Four quick and different points to make in this blog: 1. Eric Byres has started a blog series on the very important defense in depth security concept 2. Defense in depth does not obviate the need for proper risk management and addressing major risks Project Basecamp...