
Archive for July, 2007

Friday News and Notes

ISA’s Automation Standards Compliance Institute (ASCI) shared some details on the ISA 100 Wireless Compliance Institute, a parallel organization to the Security Compliance Institute. The WCI is looking for a $10K contribution, which is substantially less than the SCI’s $50K annual contribution. The WCI should be able to leverage SP100 to a greater degree than […]

Another SCADA Honeynet Update

This honeywall update includes our four latest IDS signatures, which aid in detecting points list and function code scans on DNP3 and Modbus TCP. These signatures play an important role in identifying a reconnaissance scan on PLCs, RTUs, and IEDs in a control system environment. With regard to the honeywall, roo-1.2 has been released for […]

Trustworthy Cyber Infrastructure for the Power Grid (TCIP)

Some of the team members from the TCIP initiative were at the Dept of Energy Open Science meeting. This five year, $7.5M program is funded by the NSF with involvement of DHS and DoE. It has been up for almost two years now and has been relatively quiet in terms of publicity as compared to […]

DoE Open Science / Microsoft’s Steve Lipner

After two days, the group working on control system security identified two potential Priority Research Directions (PRDs). These were written up in a one page quad chart, and now a smaller team is writing them up in the DoE format for funding consideration.
The organizers brought in a few speakers to get the group thinking; Steve […]

SCADA Honeynet Article in InfraGard Publication

The summer 2007 edition of InfraGard’s Gardian publication has an article we wrote on SCADA Honeynets. The article provides a brief overview of the topic and some of the results from the SCADA Honeynets we have deployed in substations and on the Internet. Each honeynet appears to the attacker to be a PLC.

DoE Looks for Open Science Research Directions in Cyber Security

Today and tomorrow I’m participating with about 150 others in the Dept. of Energy’s Cyber Security Research Needs for Open Science Workshop, and a significant portion of this is related to control system research needs. The workshop is sponsored by the Office of Science (Advanced Scientific Computing Research) and the Office of Electricity Delivery & Energy Reliability.
The […]

Friday News and Notes

Summer is slowing down but there are two items from the CSSP for this Friday’s News and Notes.

A recommended practice is now available for Securing ZigBee. It was written by Lawrence Livermore for DHS.
A large (139 page) Catalog of Control System Security Requirements was developed by the National Labs for DHS. This document is […]

Vulnerability Disclosure Poll Results and Conclusions

I must admit to being pleasantly surprised by the poll results. My expectation was a 50 / 50 split between vendor only and vendor + US-CERT responses. We will leave the poll open, but at this time 87% of respondents chose disclosure to the vendor + US-CERT. Based on this sample the preferred response for […]

Is Government Regulation The Answer To SCADA Security?

The latest Friday News and Notes entry has an interesting comment thread going on the value of government regulation of SCADA security with myself, Jake, Ron, Ralph and Bryan weighing in.
Some think it is the only way to get action from the majority of asset owners. Others feel it results in a bureaucratic mess that […]

Vulnerability Disclosure Poll

Now that we have this polling figured out there is a question we have been interested in asking for a long time on the controversial issue of vulnerability disclosure in control systems.

How should vulnerabilities in control systems be disclosed?

Disclose only to the affected vendor who will determine further disclosure

Disclose to the affected vendor […]