Friday News and Notes
- Bryan Singer has a magnum opus post and a few predictions about upcoming cyber attacks and events on control systems. I know of a few non-governmental people working on some pretty compelling scenarios as part of quantifying risk projects.
- Tomorrow, Sept 1st, is the deadline to join the ISA Security Compliance Institute (SCI) as a founding member. On Wednesday, Andre Ristaino posted that interest in SCI has been “overwhelming” and they have “commitments for Founding Strategic Membership from a balance of leading asset owners and suppliers in the control system community”. Their goal is to begin testing compliance to some yet to be defined criteria in June, 2009.
- PennWell is now producing a quarterly e-newsletter titled Security The Power Grid.
- Triangle MicroWorks has released the Secure DNP3 protocol enhancements into their source code library. This is big because many DNP3 implementations use the Triangle MicroWorks stack. (hat tip: Grant Gilchrist)
- Beyond Security found and disclosed a vulnerability in the Wireshark DNP3 dissector that could prevent Wireshark from capturing data. This should not affect any control systems since Wireshark is a security and communication analysis tool rather than part of a control system. It is yet another example of control system security by obscurity slipping away.
Author: Dale Peterson
Posted: August 31st, 2007 under Uncategorized.
Comments: none
Write a comment