Cybersecurity for Industrial Control Systems by Tyson Macaulay and Bryan Singer. Auerbach Publications, 203 pages. I had high hopes for this book since Bryan Singer is very experienced in ICS, ICS security and IT security — and Bryan and...
The ISA 99 Security Committee has been hard at work on writing Security Assurance Levels (SAL) into the ISA / IEC standard. It’s been slow going and difficult work, and may prove to be impossible for this committee. The idea of a SAL came from many in the...
More information from Japan. As mentioned earlier this week, the Japanese Ministry of Economy, Trade and Industry (METI) has stepped up efforts on ICS security. The trigger was an email-borne malware infection at Mitsubishi Heavy Industries reported in 2011....
Over in Tokyo this week visiting customers and old friends, and it’s good to see the level of interest and concern in ICS security is growing. As in the US and the rest of the world, there is still a long way to go. A high percentage of the Japanese critical...
Loyal blog readers should watch last night’s 60 Minutes segment on Stuxnet, some of the web extras, and an interesting Overtime segment with Dillon Beresford. You won’t learn much that is new to you, but you will be able to answer questions and comment when your family...
SCADA and DCS foster an engineer hero culture. The plant, pipeline or process is not operating properly. The one or two individuals, almost always guys who have 15+ years’ experience in the plant, are able to troubleshoot the problem, make a change on the fly, and get...
Four quick and different points to make in this blog: 1. Eric Byres has started a blog series on the very important defense in depth security concept 2. Defense in depth does not obviate the need for proper risk management and addressing major risks Project Basecamp...
A number of loyal readers have been sending in examples of vulnerable, Internet-accessible control systems. The example below from Patrick Stave of Norway is representative of what we are receiving. In this case, I 100% agree with ICS-CERT that if you have your SCADA...
The fact that Congress has to deal with DCS and SCADA security for the critical infrastructure is another representation of failure by all in the ICS community, but in the US Government realm primarily by DHS as the responsible government agency. Congress can’t...
Project Basecamp highlights the fragility and insecurity in most PLCs and provides tools so anyone can demonstrate and prove it. There should be no doubt that after ten years the ICS community needs to deal with this, but how? Part 1 covered what Asset Owners...