Boredom / Not Better Limiting Vuln Response Bashing

I was taken to task in a conversation at the OSIsoft User Conference – – why didn’t Digital Bond and others rip into the vendors and ICS-CERT over the response to Luigi and other SCADA security vulnerabilities as in times past? He went on to explain...

OSIsoft User Conference News & Notes

The OSIsoft User Conference was bulging at the seams with about 1500 eager attendees, and it seemed like even more. It was a very upbeat group looking for what else they could do with the data they are collecting. User Groups in general are so much more optimistic and...

OSIsoft: No, No, … Yes

I have always been amazed by Pat Kennedy and OSIsoft’s ability to say no and then the implementation skill to make it pay off. With a dominant installed base in the Energy Sector and significant market share in other process related industries, OSIsoft...

Interview with Luigi Auriemma of 34 0day ICS Vulnerabilities

Luigi Auriemma, of yesterday’s 34 0day ICS vulnerabilities, was kind enough to answer some questions we had. I would have preferred a podcast, but neither my Italian nor his English allowed that. I have slightly edited his responses for English/clarity, but...

Smartphone and iPad Access To ICS

The ICS security community is seeing a lot of new products and advertisements offering the ability to monitor and control your process from anywhere with a smartphone or iPad. The trend is almost certainly going to increase with the growing market penetration and...

Another Subcommittee Hearing . . . Yawn

The U.S. House Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies had another panel/hearing on “Examining the Cyber Threat to Critical Infrastructure and the American Economy”. This link has the video of Chairman...

NERC CIP Violations

NERC publishes a monthly Key Compliance Trends presentation that has interesting statistical detail on NERC violations, about half of the violations are CIP. This is actually good, detailed info that someone who is immersed in the NERC CIP could really use to track...

Now ISA Has A Cyber Threat Gap Analysis Task Group

Our last post was on the NERC Cyber Assessment Task Force. Although this is a distraction from the NERC CIP next version, it makes sense for NERC to look at how to detect and isolate an attack on a large segment of the bulk electric system. I’m sure it is just a...

NERC Cyber Assessment Task Force

We had a note on the new NERC Cyber Assessment Task Force in the Friday News and Notes blog. Here’s some more information and thoughts based on the Powerpoint from the CATF conference call. “The primary intent of the CATF is to consider the impact of a...

Public / Private Partnership

One of the buzzwords and oft stated goals is to develop a successful public / private partnership, and this came up quite a bit at Smart Grid Security East. Perhaps we are mistaken in expecting it to regularly work or even believe that it can be successful in most...