Last week President Obama provided a legislative proposal on cybersecurity with a potentially large impact on the ICS community. Actually it is a number of legislative proposals in a single document. A portion of it covers government “evaluation” of...
We have been early and big fans of SCADA virtualization for servers and workstations. Not for the server consolidation benefits that drive most IT virtualization projects. Control systems have a surprisingly small number of servers and workstations so...
The semi-annual Industrial Control System Joint Working Group Conference is traditionally the best place to catch up with everyone in the ICS Security community. DHS puts on a solid program, and there is a certain feeling you need to be here even though there have...
The mass of vulnerabilities and related proof-of-concept exploit code released by Luigi Auriemma was a new event and test for the ICS world. Let’s take a look at the progress one month later, and it is good news. Siemens First, my prediction that...
Statements by DHS Secretary Janet Napolitano just knocked me off my 12-step program to stop Stuxnet blogging. She was quoted in a Computer World article saying: “The key thing we learnt from Stuxnet was the need for rapid response across the private...
The ICS Security Community had an interesting event, or perhaps a test, this weekend with the false report of an FPL Wind Farm in New Mexico being hacked. So far we know of similar, but not identical, emails providing details of the hack hoax being sent to three...
The Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) is an academic research effort led by the University of Illinois and funded by the US Department of Energy and DHS. And at almost $19M for five years, it is not a small effort. Even prior to this...
Siemens and McAfee announced today that McAfee’s Application Control whitelisting product has been tested or modified to work with a variety of Siemens PC-based products that were compromised by Stuxnet. (HT: Smart Grid Security Blog) We have been very critical...
I’m seeing two trends in the anecdotal evidence collected in 2011 while on-site with asset owners, primarily pipeline SCADA and power plant DCS: ambition in the security program and attention to reasonable computer and network equipment lifetimes. While the...
The preponderance of ICS security professionals recoil at the concept of smart phones having any role in SCADA or DCS. As covered in an early blog entry, there is a big difference between using smart phones for control and using them to view data that has been...