John Saunders with the National Defense University has been one of the most active participants in the control system security education and workforce development area. After seeing him again working on these issues at ICSJWG I wanted to get his view on the best way...
Byres Security and Invensys have announced a Tofino Firewall module for the Triconex Safety System. It looks an industrial device and has similar environmental specs, -40 to 70C, Class I Div 2 and Zone 2 approved. What is new about this product is OPC application...
Last week the ISCI, after quite a long delay, published draft requirements documents for 2 of the 3 legs of the Embedded Device Security Assurance [EDSA] certification. The Software Development Security Assessment and Functional Security Assessment documents are now...
In integrating IDS events into Portalegde one question becomes paramount. Namely: “Which events do we include?” As Portaledge will perform correlation and aggregation on all of the events “fed” to it, choosing a set of events that provides...
I’ve really been enjoying PJ Coyle’s Chemical Facility Security News blog the last few months. An entry this week on the Chemical Security Board’s Inherently Safer Technology tied into one of my entries earlier this week on MTTR. Here are the key...
The anti-virus update problem provides yet another education and awareness opportunity. Maybe you were skilled or lucky enough that this did not affect your control system at all, or only a portion of the system because of staggered av updates. But if it did, how long...
The first potentially successful effort in the US to have a control system security standard that had must and shall requirements and an audit plan was NERC CIP for the electric sector. The standards were first written broadly with general security requirements that...
Updating anti-virus signatures is important, and we have yet to see an owner/operator consistently and effectively apply the updates manually. So most are now pushing the signature updates out on a periodic and automated basis. [Note the automation is typically...
If a control system is hacked and there are no mechanisms in place to forensically trace the attack, you have no idea how the attack occurred and no clues on what to do to close/remediate the attack pathway. This lack of forensics leaves the system open and vulnerable...
The community is very hungry for threat data. So little is available than we crave and devour any bit. Last year saw the resurrection of the BCIT incident database, or some facsimile of it, into the Repository of Industrial Security Incidents [RISI]. This is one of...
