
Archive for the year 2004

Q1 Research Plan

We have a number of interesting results for the Intrusion Detection and Security Monitoring of SCADA Networks Research Project (formerly known as the DHS Project in this blog) that will roll out in the 1st quarter of 2005.

The first change you will see is the research results will be available online to anyone with a […]

DHS Project Phase II

We received some bad news to end the year. Phase II of our Intrusion Detection and Security Monitoring of SCADA Networks project was not funded by DHS. The proposal scored very high, 18 out of 20. This put it in the High Priority / Funding Recommended category, and all of the comments on the review […]

Control Magazine Article

My article on the 13 funded DHS research projects did make the December edition of Control magazine. Check it out on page 39.

Security Statistics

Eric Byres’ and Justin Lowe’s statistical analysis of industrial control system security incidents is available online at the TSWG site. The main points in the analysis are:

- The source of attacks has shifted towards external attackers (from 31% pre 2000 to 70% post 2000).
- The number of reported events is increasing (from 13 in the period of […]

Happy Holidays

I just finished my last business travel for the year, after what has been a couple of months of life on the road all over the US. I hope all of you are able to close things down a bit and get home for the holidays.
Merry Christmas, Happy Holidays, and Best Wishes for a […]

SCADA Security Research Article

Control Magazine has published online my article on the Phase I DHS Research Projects. I believe it is in the December edition of the hard copy magazine as well.
I wrote this article back in June after the Phase I awards. The article gives a synopsis of the 13 research projects. Phase I is complete, and […]

IT / Plant Operator Comment

From a Siemens presentation at MS-MUG
“It is dangerous for ANY side to manage a manufacturing network:
- The Plant operators are not IT skilled enough
- The IT operators are not plant-floor aware
We are right now in a dangerous situation where these two worlds collide and neither is willing nor has the time to intensively try to […]

NERC 1300

I received a few e-mails on my last entry’s enthusiastic support for NERC 1300. I agree that the 1300 document has much less detail than many of the other efforts, such as ISA’s SP99, and the document is still rough in many areas. The current draft received over 700 pages of comments.
The reason I like […]

The Business Case for SCADA Security

The November issue of InTech magazine is filled with interesting articles including the case for a frame relay WAN infrastructure, an overview article on ISA-95 and the emergence of manufacturing execution systems, and a commentary by Joe Weiss on the back page.
Joe’s commentary deals with the difficulty of proving a business case for SCADA security […]

Invensys White Paper

An Invensys white paper on process control security architecture and practices is now available on the Internet.
The paper has some nice diagrams on segmenting networks into zones and a helpful best practice checklist (page 11). The paper puts a little more emphasis on intrusion prevention systems than I’m comfortable with, but that is a […]