
Archive for May, 2005

Safety Act Redux

Here are some more details on the Safety Act Indemnification I mentioned briefly from the PCSF event. From www.safetyact.gov:
“The aim of the Act is to encourage the development and deployment of anti-terrorism technologies that will substantially enhance the protection of the nation. Specifically, the SAFETY Act creates certain liability limitations for claims arising out [...]

New, Leading (Bleeding?) Edge Control System Security Products

I will highlight one of the ten presentations in the Critical Infrastructure track of the InfraGard National Conference each week. I’ve challenged the industry to come up with some new and exciting ideas and information. The Conference is in Washington D.C., August 9 to 11.
New, Leading (Bleeding?) Edge Control System Security Products
Control system networks [...]

Are PLC’s the Achilles’ Heel?

PCSF was another control system security event, so it was only natural that Eric Byres and the team at BCIT had another interesting piece of technology to unveil.
This time it was a sneak peek at their Achilles project that assesses the security of PLC’s and other field equipment. Not a lot of details are available, [...]

IDS for Serial SCADA Communication

IDS systems today work on IP communication. While most would agree these are the comms at greatest risk and the likely future for SCADA comms, the majority of field comms are still serial. In fact, we are often asked if the SCADA signatures we developed work with serial comms.
At one of the many of the [...]

SCADA IPS Ideas

The Intrusion Protection System (IPS) vendors have been pushing to use the Modbus and DNP3 signatures to prevent potential attacks rather than just detect attacks. We have counseled against this in general because a large portion of the signatures detect commands that are probably attacks, but may be legitimate and important commands in rare circumstances. [...]

Indemnification for Control Systems

The big news at day 1 of the PCSF meeting was a DHS proposed method to indemnify control systems related to terrorist attacks via the Safety Act. The Safety Act provides indemnification for any product created to prevent terrorism. DHS believes the indemnification covers both the vendor and the end user.
A key part of this [...]

End of Confusion

An interesting quote from a DHS presentation, “DHS, DOE and NIST are coordinating efforts to reduce confusion about our effort.” This was highlighted by the speaker as the most important bullet in the presentation. Obviously these organizations are concerned about the number of questions and complaints about who is doing what and are highlighting that [...]

PCSF – A Great Event

The PCSF Spring Meeting in Dallas was tremendous, primarily because of the attendees. There were about 150 participants including most of the top experts from users, vendors, standards bodies, and government. As a regular speaker and attendee of many conferences, I can say without hesitation this was the most worthwhile event to attend in [...]

Big Blogging Week – PCSF and PCSRF

I’m heading to the PCSF and PCSRF meetings in Dallas today through Thursday. There will be many of the leading SCADA Security players from Government, Industry, and Academia there as well as some large users. Should be a lot of blogworthy information so stay tuned this week.

Article on NERC CIP Compliance in NewPower

Doug Howard, VP of Service Delivery at Counterpane, and I recently wrote an article on compliance with the upcoming NERC CIP standards. The article was just published in the latest bi-weekly edition of NewPower Executive.
The new information in this article is an attempt to estimate external product and service costs for compliance to a typical [...]