ISA 99, the Security Committee in ISA, has sent ISA-62443.03.03 (99.03.03): Security for Industrial Automation and Control Systems: System Security Requirements and Security Assurance Levels out for ballot.
Two press releases from Industrial Defender this week. The first is that UK’s E.ON announced ID “as the exclusive provider of security and compliance technology for the company’s automation infrastructure.” Even if you like ID, this makes no sense. Why would you limit yourself to products that ID OEMs or even ID services? Preferred I understand, but exclusive? The second is on managed security services. ID is making a push in this area, but I could not see anything new in this press release.
Interesting speculation on a blackout in Chile this week. The SCADA system did not cause the outage but hampered recovery. “The loss of this computer system caused an information blackout which meant that the recovery process had to be verified between CDEC and various electric companies by phone.”
Infosecurity reports on potential turmoil at DHS’s ICS security program with the resignation of Sean McGurk and Randy Vickers. I would like to think it was a delayed reaction to DHS’s poor response and misleading testimony on Stuxnet, but it is something else.
Tweet of the Week
Weekly Updates From Critical Intelligence
Worth Reading Articles
- Christian Science Monitor article, From The Man Who Discovered Stuxnet, Dire Warnings One Year Later
- SCADASEC entries on Design Flaw vs. Vulnerability by Tom Maufer and Jake Brodsky. DP Note: Read my take on this issue
- Threatpost Article, DHS Thinks Some SCADA Problems Are Too Big To Call “Bugs”