In 2005 the I3P gave $8.5M to ten different organizations, mostly universities, to perform research on six SCADA security tasks. This is a two year project and some of the results are beginning to come out. You can download the papers on the I3P site.

There are not that many companies focused on SCADA security, and two of them combined this week when Verano acquired Plantdata.
Verano makes a SCADA SEM product, recent blog entry, and OEM’s other security products for resale under the Industrial Defender line.
Plantdata did a little of everything – SCADA and SCADA security consulting, training, and product [...]

First impression: apparently you had to “be there.” To me, only 19 slides on SCADA Security was sort of a let down. If you were looking for technical content (which I thought was the whole reason to go to Blackhat, apart from the gambling and drinking) you are better off checking out the SCADA Exposed [...]

There was an excellent question today on the SCADA Mailing List about idea of creating a application layer proxy for DNP, Modbus and, IEC protocols.
I would reframe the question more broadly into the issue of adding protocol awareness to filtering devices. BTW, the whole packet filter vs. proxy debate seems very 1990s to me, so [...]

Apparently January is survey month here at Digital Bond.
However, I highly encourage our readers to take Richard Forno’s survey which is in support of his thesis, “The Duality of Disclosure: Information Sharing and Critical Infrastructure Protection”
This research project seeks to understand how secrecy and openness can be balanced in the analysis and alerting of security [...]

I hit the AHR Expo floor this week and attended the Building Intelligence Tour in Chicago. In terms of network/application security awareness, the building automation folks definitely seem to lag behind where we are in SCADA. More on that later. Also, it also seems like lot have drunk from the “Convergence Kool-Aid”
But their adoption of [...]

I rarely see a new security product that is exciting. (I think the last was Cisco’s NAC). I stumbled across another one at our local ISSA conference in S. Florida, Core Security’s CORE IMPACT. This is not a new product, the first release was in 2002, but it has had many enhancements since the initial [...]

A very specific and immediate standard effort is under way in the IEEE, PES Substation Committee, Working Group 1 to define the required security for IED’s in Substations. P1686 is scheduled to be completed in December 2006. One of the main benefits of this project will be a checklist of very specific security features against [...]

As part of the BCIT/Digital Bond OPC Security Good Practices Research Project sponsored by Kraft Foods–ISA and OMAC have distributed an OPC Deployment Questionnaire developed to help us ground our ongoing research and provide the most relevant set of security practices to end users.
Among the topics in the survey are OPC usage, operating system/vendor platform, [...]

Draft 4 of the NERC CIP standard is out, and this may be the set of standards that goes to ballot and is approved. There is a NERC summary of the changes available here, and I’m in a middle of a blog on the changes.
The big change isn’t the standards; it is the implementation schedule. [...]