Archive for the year 2003

PCSRF Protection Profile - Detailed Comments

Hope everyone is enjoying the holidays. As things slowed down a bit I had time to review and comment on the PCSRF Protection File in detail. Here is a link to my comments.
The comments are separated into general, specific, and grammar/format sections and refer to the draft by line number. […]

PCSRF Protection Profile - First Draft

On Friday the first draft of the System Protection Profile for Industrial Control Systems was issued by PCSRF. The draft was written by a contractor with Common Criteria experience, but limited process control experience. Now the PCSRF members will review and comment.
We have not reviewed the document in detail yet. […]

ISS Fusion - A Do It Yourself MSSP?

I had the chance to see a friend's ISS Fusion system in action on a large corporate network just before the Thanksgiving holiday. Before I talk about Fusion, let me set the stage.
Let’s say you purchase an intrusion detection system (IDS) with network sensors and host agents for your SCADA system. You also […]

Security Challenge: SCADA System On One PC

The traditional and best practice approach to SCADA security is to separate your operator stations, or HMI, from your real-time and database servers both logically and physically in a control center. The servers are in a separate, locked room or cabinet accessible only by administrators. What do we do now when all the SCADA […]

Intech Article Myth Debunked

The October issue of Intech has a security article on SP99 that is quite good. However, one of the four myths listed early in the article greatly overstates the case.
The second myth: “In the IT world, the primary focus is to protect the central server and not the edge client. In process […]

ISA Expo 2003

I had the pleasure of participating in the two-day Security Symposium at the ISA Expo 2003. I presented on taking advantage of the security standards in Windows such as IPSec, strong authentication, single sign-on, and Kerberos. Most HMI and many of the newer server systems run on Windows. Our approach is to […]

Modbus Hack Demo

This demo has been making the rounds of the trade shows over the last couple of years. It is both a simple and a powerful demonstration for those without an IT background. Basically, the Modbus protocol has virtually no security. It is easy to recover passwords using a sniffer, and in many cases […]

Security Monitoring & Intrusion Detection

Yesterday I gave a presentation to about 200 SCADA users at the Telvent User Group Conference. It always is a pleasure to talk to and learn from actual end users of these systems. My presentation focused on adapting security monitoring and intrusion detection for process control networks.
Why monitor the cyber security of your […]