Here is a link to my presentation, Intrusion Detection and Security Monitoring of SCADA Networks, from ISA Automation West. There also is a technical paper available from the conference. The paper and presentation provide good background for our DHS research project as well.
Thanks to Tom Phinney for planning and chairing the [...]

There was not a lot of information security activity at the ISA Exhibition or Conference. However, many of the industry’s security experts were gathered in Long Beach for the related ISA SP99 meetings. A couple of highlights from the meetings:
Technical Reports 1 and 2 are now published and available at ISA. I [...]

PCSRF has released Version 1.0 of the System Protection Profile (SPP). While this document has steadily progressed, it is far away from a traditional Version 1.0. In my experience, Version 1.0 of a standard indicates the first completed and accepted version of a standard. We have identified many problems in the important [...]

We will be providing a lot of information about our Intrusion Detection and Security Monitoring of SCADA Networks research project in the coming months, but here is a first look at an opportunity for you to get involved.
This link is a one page overview, first set of questions, and reasons to get involved that we [...]

We have added information on CIDX (Chemicals) and AGA (Natural Gas) SCADA security standards efforts to our SCADA Security Web Page. These two organizations have taken very different approaches. AGA has a narrow, technically specific approach for an add-on encryption module. CIDX is focusing on broad based guidance and leaving the [...]

It sounds like the wine industry is moving towards process control networks. It would be too much to hope for to get paid to hang out at some Napa wineries. Can we consider the wine industry part of the critical infrastructure?

The American Gas Association (AGA) 12-1 Cryptographic Protection of SCADA Communications is an encryption standard designed to protect communication in transit over the network. I’ve always been a bit skeptical about encryption as the answer to SCADA security communications because confidentiality is generally less important than integrity or availability for process control systems. [...]

You wouldn’t expect an organization named the General Accounting Office (GAO) would provide information on protecting the critical infrastructure, but they do. In October 2003, the GAO produced one of the best documents describing the escalation of risks to SCADA networks. You will see excerpts from this report in many SCADA security presentations [...]