hiring
AAA  AAA 

Podcast with Joe Weiss on Control System Security Awareness

In our latest podcast I talk to Joe Weiss about the state of security awareness in the control system community. We talk a little bit about the past and how we got there, but most of the focus is on where we are today. Do asset owners and vendors understand the problem? Are some industry sectors doing better than others and why? What standards and guidelines have been effective (and what have been ineffective)? Where are the biggest security awareness problems today?

 
icon for podpress  Digital Bond Press - Security Awareness: Play Now | Play in Popup | Download

I like talking to Joe because he has strong opinions and a passion for the subject. We don’t always see eye to eye, but who wants to talk to someone they agree with all the time?

We also talk a bit about Joe Weiss’s upcoming Control System Cyber Security Conference in Knoxville, TN from August 13 - 16, specifically about the day on wireless security and security awareness issues with wireless deployments. This is the seventh such conference Joe has put on and his first under his new company Applied Control Solutions.

Author: Dale Peterson
Posted: July 12th, 2007 under Calculating Risk, Conferences.
Comments: 1

Comments

Comment from Jake Brodsky
Time: July 12, 2007, 8:49 pm

As one of the backward water utilities, here is my perspective:

Unlike many water utilities, I can’t afford to wait for regulation to apply to us. Our installed base is large enough that by the time regulations arrive, we’d be on the back side of the power curve, scrambling to stay ahead of them.

Among large water utilities I suspect there are many who either haven’t figured this out or are just noticing the problem. Regulation is a necessary evil, but if we wait for it to happen, we’ll be up to our ears in work that we will probably not be able to comply in time.

Meanwhile, smaller water utilities are still working out of old tone equipment and in to SCADA. The security work required to make half a dozen RTUs and a control center secure pales in comparison to a utility with 150+ RTUs scattered all around a city.

Some problems will be encountered because there are MANY obsolete systems still in service in water utility control rooms. Water utilities tend to be the sort who will run something until it breaks. And that old computer hardware was frequently very well made. A couple years ago I remember a water utility which shall remain nameless asking if we had an 8″ floppy disk with a copy of the SCADA system software they were using. The system they were using had to be at least 25 years old. The floppy disk they were using had finally worn out. Only then did they even consider that they might have a problem.

That’s life in the water industry…

Write a comment