I’ve really been enjoying PJ Coyle’s Chemical Facility Security News blog the last few months. An entry this week on the Chemical Security Board’s Inherently Safer Technology tied into one of my entries earlier this week on MTTR. Here are the key...
The anti-virus update problem provides yet another education and awareness opportunity. Maybe you were skilled or lucky enough that this did not affect your control system at all, or only a portion of the system because of staggered AV updates. But if it did, how long...
The first potentially successful effort in the US to have a control system security standard that had must and shall requirements and an audit plan was NERC CIP for the electric sector. The standards were first written broadly with general security requirements that...
Updating anti-virus signatures is important, and we have yet to see an owner/operator consistently and effectively apply the updates manually. So most are now pushing the signature updates out on a periodic and automated basis. [Note the automation is typically...
If a control system is hacked and there are no mechanisms in place to forensically trace the attack, you have no idea how the attack occurred and no clues on what to do to close/remediate the attack pathway. This lack of forensics leaves the system open and vulnerable...
The community is very hungry for threat data. So little is available that we crave and devour any bit. Last year saw the resurrection of the BCIT incident database, or some facsimile of it, into the Repository of Industrial Security Incidents [RISI]. This is one of...
Charles and I are currently working on adding modules into the Portaledge code base that help asset owners and operators to meet NERC CIP logging requirements (for more specifics on Portaledge and NERC CIP requirements see this previous blog post and the...
Yesterday, the Director of the NSA, Lt. Gen. Keith Alexander, now the Presidential nominee to head the new Cyber Command, stated that we should be allowed to counter cyber attacks if we can determine the attacker. Alexander mentioned the US has already responded to...
[I want to try to coin a new term that could be very useful: Control System IT. The discussions on “Operations vs. IT” or “control systems are different than business networks and applications” are legion. And like most long running arguments there is some truth in...
NERC issued an advisory on Rockwell Automation PLC/PAC vulnerabilities. It is odd in many ways. 1. There is no new information. This is all old news. 2. So many field devices used in this electric sector have these same or equally important security deficiencies. Are...