I arrived a bit late to Eric Byres meeting. The basic proposal was to create a Control Systems Security Foundation (CSSF). The Foundation would create benchmarks / best practices at different levels, and then set up a method to test and certify products. The TUV organization was referenced a few times as an example.

It is an ambitious plan to create the Foundation as a legal, self-sustaining foundation. There was talk of a charter, business plan and $300K to $500K to get it going. It is another ambitious plan to create the meaningful benchmarks and valuable testing.

There was a lot of understandable interest, from vendors and large asset owners, in a widely recognized seecurity certification. Getting from here to there is the challenge. It will be interesting to watch.