
Archive for the year 2007

LiveData Completes INL Security Assessment

INL has “completed” a security assessment of LiveData ICCP server. “The project identified one vulnerability, which was remedied and patched in the field without any adverse impact on existing installations.”
This is interesting. How did LiveData notify its customers of the vulnerability and patch? An update from 27 Nov 2007 is on their site, but no […]

Friday News and Notes

Telvent issued a press release this week including “announced today the successful completion of the first phase of a research and security assessment, guaranteeing the security of the OASyS DNA 7.5 SCADA.” So you now have a guarantee. I’m sure the marketing guys are to blame because the technical security talent at Telvent is top […]

Top Ten SCADA Security Stories in 2007

Here is our list of the top ten stories rated by immediate and expected long-term impact on the community. (See the 2006 list)
1) Aurora
An easy choice for number one. Even though we have had both control system and IT experts give apocalyptic quotes for years on how they could easily take down large parts […]

Friday News and Notes

The next MSMUG Manufacturing Summit will be held April 2-4 at Microsoft in Redmond. Not much has come out of this group in years past, but it is a good chance to talk with Microsoft senior management. Attendance will be limited to 150.
Interesting research model where ABB and 9 of their customers pool dollars to […]

FERC “Proposes” Collecting Information on Aurora Mitigation

After the furor of Aurora and the Congressional hearings, FERC is proposing to collect “information in connection with steps being taken by the electric industry to address potential cyber vulnerabilities”. The proposing part of this equation has to do with the FERC rulemaking procedure and requirements for public comment which I don’t claim to be […]

S4 Preview - DHS Funded Ideal Driven Technical Metrics Paper

The second S4 paper on control system security metrics comes from a DHS NCSD supported project that teamed INL researchers with Marie Farrer of Securicon and Zach Tudor of George Mason University. Miles McQueen and Wayne Boyer have selected Sean McBride of INL to present the paper: Measurable Control System Security through Ideal Driven […]

Schneier on Freakonomics Blog

Looking for some interesting light reading this weekend? Check out the Q & A with Bruce Schneier on the Freakonomics blog.
Bruce is often a contrarian. His answers on passwords are always amusing. He is a skeptic on the cyber threat to the critical infrastructure.
Q: How worried are you about terrorists or other criminals hacking […]

Friday News and Notes

A slow news week:

Eric Byres has joined Mu Security’s Advisory Board. A great get for Mu, and it adds more heat to the Wurldtech / Mu competition.

Watching the S4 registration this year, there definitely is more control system security interest from Europe. I asked a couple of people what is driving this and evidently the […]

S4 Keynote - Steve Lipner of Microsoft

I’m very pleased to announce that Steve Lipner, Microsoft’s Senior Director of Security Engineering Strategy in Trustworthy Computing, is the Day One Keynote at our SCADA Security Scientific Symposium (S4). All physical attendees will also receive a copy of his book, The Security Development Lifecycle. See the full agenda and register.
Steve’s keynote is titled […]

Please Stop Me!

Someone please smack me in the head if I am dumb enough to wade into that tired IT vs. Control System discussion again.