SCADApedia
AAA  AAA 

Friday News and Notes

  • Verano, after purchasing Plantdata and e-DMZ, has renamed and branded the entire organization Industrial Defender.
  • The tentative agenda and registration is open for Joe Weiss’s annual security conference. He put on six while at KEMA, and this is his first on his own. I imagine Joe will be highly motivated to make this one of his best.
  • DHS’s Control System Security Program (CSSP) now has a one-hour, non-technical web-based control system security course. (hat tip: the ubiquitous Ron Southworth)
  • We had an asset owner ask for a corporate subscription to Digital Bond content so we created a $500/year corporate subscription. It is not available to order online so contact info@digitalbond.com if you are interested.
  • The Control System Security Certification Organization (CSSCO) held a two-day closed door, invite only organizational meeting. Information on the structure, purpose and plans of the CSSCO should be released shortly.
  • Shy and reticent Digital Bond alumni Matt Franz has an interesting blog entry on his security testing life at Cisco and Achilles Certification. “So what are the takeaways? Sometimes, the risks of setting the bar too high outweigh something that is good enough. The perfect is commonly the enemy of the good and there are always too many excuses not to do something now that solve part of the problem vs. planning something that might solve the entire problem. And I think this is one of the reasons why we see the first security certification of this type in the parochial world of SCADA and not somewhere else.”

Author: Dale Peterson
Posted: May 18th, 2007 under Uncategorized.
Comments: 2

Comments

Comment from Jake Brodsky
Time: May 18, 2007, 10:52 am

The CSSCO effort (whatever it may eventually be) will help fill a void which has been nagging me for some time. Many have approached this SCADA security problem. However the biggest issue is figuring out who really has the background and experience to be capable of passing judgement on this sort of thing.

I don’t expect a certificate to be the total solution, but it is a start. Like any other certification, CSSCO certification would be but one missing piece of the puzzle. We need to applaude this effort and also recognize that we need other areas of experience, education, and certification as well.

Comment from Ron Southworth
Time: May 19, 2007, 6:27 pm

Sounds Like a good heap of letters to add to your business card Jake.

The ISA is talking about creating a similar accreditation for Process Control as well. Do you see accreditation for individuals as a means to “clean up the industry” or as a mechanism to change the culture of the industry?

Write a comment