Now ISA Has A Cyber Threat Gap Analysis Task Group

Our last post was on the NERC Cyber Assessment Task Force. Although this is a distraction from the NERC CIP next version, it makes sense for NERC to look at how to detect and isolate an attack on a large segment of the bulk electric system. I’m sure it is just a...

NERC Cyber Assessment Task Force

We had a note on the new NERC Cyber Assessment Task Force in the Friday News and Notes blog. Here’s some more information and thoughts based on the PowerPoint from the CATF conference call. “The primary intent of the CATF is to consider the impact of a...

Public / Private Partnership

One of the buzzwords and oft-stated goals is to develop a successful public / private partnership, and this came up quite a bit at Smart Grid Security East. Perhaps we are mistaken in expecting it to regularly work or even believing that it can be successful in most...

Does Innominate Help Against Stuxnet?

Innominate has a PR type sending around a recent white paper, Post‐Stuxnet Industrial Security Zero‐Day Discovery and Risk Containment of Industrial Malware with the Innominate mGuard Technology. My last info on Innominate was they had a field firewall,...

What Does $25M Annually Buy? DHS CSSP Program

The US Department of Homeland Security Control System Security Program (DHS CSSP) is probably the USG’s biggest effort to improve ICS security across the critical infrastructure sectors. But the question was...

FERC Performance Audit Re: NERC CIP

An interesting but somewhat confusing document was issued this week by the Dept of Energy, Audit Report: Federal Energy Regulatory Commission’s Monitoring of Power Grid Cyber Security. This audit, performed by the DoE Office of Inspector General, assesses...

Control Microsystems Handles Vulns Professionally

I was really looking for a good news story today after some recent gloom and doom blog entries. Thankfully ICS-CERT issued an advisory today for some fixed ClearSCADA vulns that Digital Bond found...

Cybersecurity Responsibility?

George Gary Mintchell of Automation World/Feed Forward Blog and I have had a difference of opinion on the Automation Press in a few areas including the kid gloves treatment of Siemens regarding Stuxnet. He has a blog on this titled “Cybersecurity...

ICS-CERT Year In Review Fails To Look In Mirror

It’s a great idea for ICS-CERT to write a year in review document, especially with sections on lessons learned. That said, it is so disappointing to see ICS-CERT continue to ignore the PLC/RTU ramifications of Stuxnet, fail to acknowledge their serious...