I’ll be at the SANS SCADA Security Summit next Monday – Wednesday. On Wednesday I’ll be presenting “You Have No Integrity” with numerous technical and ethical examples. Say hi or throw tomatoes if you are there.
The National Association of Regulatory Utility Commissioners (NARUC) has issued Version 2 of Cybersecurity for State Regulators with Sample Questions for Regulators to Ask Utilities. I hear good things about this document, and it’s on the reading list.
Congratulations to Ralph Langner for being named a Non-Resident Fellow to the prestigious Brookings Institution. This should help get sensible ICS security and “cyberwar” thought to senior policy makers.
Version 5 of the DHS/INL Cyber Security Evaluation Tool (CSET) is now available for download. We will be using it as part of an assessment, by customer request, later this month and will have a review in March.
The Journal of Strategic Studies has published my article titled Offensive Cyber Weapons: Construction, Development and Employment. I’m told it will be made freely available after the hard copy issue has been available for a while. The article goes over how I believe a team would develop and pre-stage ICS cyber weapons if tasked … or at least how I would do it.
Yokogawa announced a global partnership with McAfee. This continues a trend of ICS vendors pairing up with security vendors to more tightly integrate security software into their systems (although the increasing use of the marketing buzzword “holistic” makes me cringe).
Also on the partnership front, Alstom Grid and Capgemini announced a joint effort to “launch a real-time, cloud-based integrated distribution management system (IDMS) and a new cloud-based demand response management system (DRMS).”
NIST has Revision 4 of NIST SP800-53 out for comment. This document addresses security controls and requirements for US Federal agencies. Beyond TVA, Bonneville Power and a few others, it doesn’t affect the critical infrastructure much. However, many standards and guideline efforts map their controls to NIST SP800-53 to show completeness.
Worth Reading Articles
- Ars Technica: We’re Going To Blow Up Your Boiler
Critical Intelligence’s ICS Security Event Calendar Updates
- EnergySec NERC CIP Compliance Training, March 3 in Pittsburgh, Pennsylvania
- ICS Security Sessions at SMI’s Oil & Gas Telecommunications, March 13 in London, UK
- EnergySec Tech Talk Grid Modernization, May 1 in Hartford, CT
Critical Intelligence provides reports and other information products on Cyber Situational Awareness and Threat Intelligence services for Industrial Control System Owner/Operators, Vendors and Government stakeholders.
Image by chrisinplymouth