Here is our list of the top ten stories rated by immediate and expected long term impact on the community. 1) Aurora An easy choice for number one. Even though we have had both control system and IT experts give apocalyptic quotes for years on how they could easily...
Saga may be overstated since the process did not take that long, but it was a classic example of why we don’t agree with leaving disclosure decisions up to the vendor – – or the researcher. Our approach is to let a coordination center, US-CERT in...
Many of the large electric and oil/gas asset owners either have purchased a Security Event Manager (SEM) or use a managed security service provider (MSSP) for monitoring security on the enterprise network. Now that we have identified meta security events occurring in...
A few friends have pointed out we need to come up with a project name or acronym for our DoE research contract project. Suggestions would be welcome. There are three parts to this project, and all are described in more detail in the Project Narrative. Compliance...
We are thrilled to announce that Digital Bond was one of five companies selected for negotiation of awards of up to $7.9 million in DOE funding to develop and integrate technologically advanced controls and cyber-security devices into our electric grid and energy...
Representatives from NERC, Joe Weiss and a couple of other experts will be testifying tomorrow to a subcommittee of the House Committee on Homeland Security. Of course as nothing more than a researcher/consultant/humble blogger I was not asked to testify, so...
The 90’s were filled with hope on the IT / SCADA front. Asset owners could save money by just moving to the Windows platform. Put web servers in most systems so the browser is the easy to use, universal GUI. Connect everything so information can be used...
Wireless for control systems has been a hot topic for a few years now, and recently we have been treated to the efforts of different groups, i.e. ISA 100 and WirelessHart, to develop a standard that includes security. Which leads to the question how does the use of...
Frustration building . . . must keep civil tone . . . another silent fix in widely used control system application passes by our doorway . . . This site has had a running series of blog entries on vulnerability disclosure including discussions on the dangers of the...