Archive for September, 2007

Friday News and Notes

ISA SP99 Part 2 is out for ballot a second time with comments after addressing the first ballot comments.
An opportunity for control system security research funding has opened in Europe. The EU will spend at least 20 million euro on this Critical Infrastructure Protection Research. Good news for our European researcher friends.
Ron Gula from Tenable […]

Wireless Learn from Windows Lament

The ’90s were filled with hope on the IT / SCADA front. Asset owners could save money by just moving to the Windows platform. Put web servers in most systems so the browser is the easy-to-use, universal GUI. Connect everything so information can be used throughout the organization and control can occur wherever […]

Risk, Threat and Wireless

Wireless for control systems has been a hot topic for a few years now, and recently we have been treated to the efforts of different groups, i.e. ISA 100 and WirelessHart, to develop a standard that includes security. Which leads to the question how does the use of wireless increase the risk to a control […]

OPC AppID List for Audit Tool

We mentioned AppIDs in our introduction of the OPC Security .audit files for use in compliance testing with the Nessus Vulnerability Scanner.
While it is not difficult to find the AppID for your OPC server, we have started a SCADApedia page with the AppIDs to help you out. A lot of this information came from Lluis […]

Friday News and Notes

ISA decided to go forward with a Security Division. Read the announcement and listen to Bryan Singer talk about this at the Weiss Event Interview podcast (at 29:25).
US-CERT has added a Control System Security topic area to their Build Security In efforts. There is a call for authors and reviewers. It will be interesting to see […]

OPC Audit Tool for Nessus

Part 3 of the recently released OPC Security whitepaper series provided step-by-step instructions for implementing the available security measures for OPC clients and servers. It is complex, and we wondered if there was a simple way to audit OPC servers’ compliance with Part 3. We still are wondering, but we have a partial […]

Want Some Good News? Siemens/iccpsic

When iccpsic was released to vetted subscribers, Matt Franz reminded me that other systems, such as VoIP, use part of the utility stack fuzzed by iccpsic. Siemens PLCs use the portion of the stack that is fuzzed by iccpsic.
After my last post, I thought it was time for some good news. Ralph Langner of Langner […]

The Dangerous Silent Fix

Frustration building . . . must keep civil tone . . . another silent fix in widely used control system application passes by our doorway . . .
This site has had a running series of blog entries on vulnerability disclosure including discussions on the dangers of the “silent fix”. A silent fix is when a […]

Friday News and Notes

Honeywell is first out of the box announcing founding membership in ISA’s Security Compliance Institute (SCI); background on SCI is in this blog entry. The target was 15 founding members by September 1. ISA has not announced the founding members yet.
Emerson announced a marketing “collaboration” with Cisco wireless solutions. This type of announcement, whether it […]

OPC Security Whitepaper, Part III Is Out

It was a very long time in the works, and I have to give Eric Byres a lot of credit for his diligence in getting reviews and incorporating feedback from a cast of thousands for Part III. The final part of the OPC Security Whitepaper Series written by Byres Research, Digital Bond and BCIT is […]