Friday News and Notes
- Dave Teumim has been a lonely evangelist for rail cyber security for a few years, so it is good to see his efforts gain some traction. The American Public Transportation Association has established a Control and Communications Security working group that is well into drafting a “Recommended Practice for Securing Control and Communications Systems in Transit Environments”. A draft for review is planned by year end. Dave is on my podcast interview list for PCSF so stay tuned for more.
- Wonderware gets nominated for a pwnie award in the Lamest Vendor Response category. I would have nominated Citect over Wonderware.
- ISA99 is slogging through the difficult work in Part 4: Technical Requirements for Industrial Automation and Control Systems. This is where specific and testable security requirements in ISA99 are located. It looks like Part 4 will be split into multiple parts so something can be issued in the next year. Ballot is out now and is likely to pass.
- An addition to Digital Bond’s Vulnerability Disclosure Policy: Digital Bond May Disclose To Affected Clients – - We have asset owner clients in a variety of critical infrastructure vertical markets. After security assessment, architecture, policy and other engagements we know their systems well. Digital Bond may disclose vulnerabilities to affected asset owner clients under a NDA that prevents further disclosure.
Author: Dale Peterson
Posted: July 25th, 2008 under Uncategorized.
Comments: none
Write a comment