I’m just back from the first face-to-face meeting of Working Group 4’s effort to write ISA SP99 Part 4. Part 4 will contain normative requirements for technical security measures in control system devices, sub-systems and systems. This means that vendors, integrators and asset owners will be able to verify or audit compliance with SP 99 [...]

There has been an effort underway for over a year now to develop a compliance organization for control system security standards. It was started at PCSF 2006 in San Diego by Eric Byres as the Control Systems Security Foundation. After some organizational research and feasibility studies it was taken over by the ISA’s Automation Standards [...]

Want to see what the chemical industry is doing for control system security? Check out the American Chemistry Council’s site devoted to the topic. There are some white papers and resources there, but many leading experts in the chemical sector continue to contribute to ISA SP99 as well.
Cisco has a derivative product offering targeting the [...]

Next week in Scottsdale there will be a three day face-to-face meeting to begin drafting a structure and table of contents on SP99 Part 4. Parts 1 to 3 provided useful guidance and  defined terms and models and set the stage for Part 4. Part 4 will be a normative standard meaning there will be [...]

The call for papers is out. Send an abstract on your brilliant control system security research to S4@digitalbond.com and get a slot in the SCADA Security Scientific Symposium (S4) 2008 program on January 23 – 24. We offer the most generous speaker program in the community so even humble grad students can present their papers [...]

A survey in Control magazine shows that 44% say a Safety Instrumented System (SIS) should not be connected to a process control system, while 56% say it’s safe to do so. Of course you can guess my opinion on this, but either way you look at it about 50% are wrong.
The industrial firewall space is [...]

I’m prepping for my podcast interview with Joe Weiss on security awareness in control systems and came across one point that didn’t make the cut, but is still interesting.
Some people in the community get very upset when SCADA is used as a term to cover all control systems. They have a point that SCADA are [...]

We have created a SCADApedia entry on Secure DNP3 as a companion to the recent podcast with Grant Gilchrist. We should have a DNP3 entry up in the next day or so for those new to the protocol.
Also don’t forget the DNP3 IDS signatures that have been deployed in many of the commercial IDS and [...]

Our first podcast is now available.

Here is a direct link to the podcast if your reader blocked the embedded reader.
In it I talk with Grant Gilchrist of EnerNex about the Secure DNP3 protocol developed by the DNP User Group. Grant was one of the Secure DNP3 authors and explains the protocol and the reasoning behind [...]

This was a slow news week:

Brian Singer is blogging now at CIPIQ, which is a subset of the company he works for FluidIQ
You may have noticed no SCADApedia updates on June 1. We were occupied figuring out the podcast thing and have resumed work on it this month. Our first podcast on Secure DNP3 with [...]