Archive for the year 2009
Friday News and Notes
Christmas Friday, in Japan, News and Notes. Happy Holidays to all loyal blog readers.
The Australian Government has published their Cyber Security Strategy. Control system security is discussed in conjunction with “Systems of National Interest”. [hat tip: Ron Southworth]
The DHS sponsored Industrial Control System Joint Working Group [ICSJWG] announced their spring meeting will be April 6 [...]
Author: Dale Peterson
Posted: December 24th, 2009 under Uncategorized.
Comments: 1
Why Security Talent Capitalization Rate is Low
In my last post I introduced Malcolm Gladwell’s Capitalization of Talent concept and concluded that the capitalization rate of SCADA security talent in the control system community is low. Here are some reasons why, in no particular order:
Security 101 is dull – All too many control systems are at the point where they need [...]
Author: Dale Peterson
Posted: December 21st, 2009 under Big Picture.
Comments: 2
Capitalization of SCADA Security Talent
Almost everyone in the community, even the optimists like myself who have seen impressive progress by some vendors and owner / operators, bemoan the pace of improved security postures across the control system community. And we try to figure out why this is and how to correct it.
So enter a conversation between Bill Simmons, the [...]
Author: Dale Peterson
Posted: December 20th, 2009 under Big Picture.
Comments: 7
Last Call: S4 Hotel Discounted Rate
The S4 Hotel is fantastic. Right on the beach, beautiful rooms and balconies, and at $209 in season it is a fantastic deal [that is about a 50% discount]. Check it out.
The last day to guarantee you can get that rate is Wednesday, December 23rd. I know some of you can’t get the funds to [...]
Author: Dale Peterson
Posted: December 20th, 2009 under S4.
Comments: none
S4 Keynote on Advanced Persistent Threat [APT]
The keynote at S4, like many aspects of the event, is different than most control system events. Rather than picking a big name in the SCADA security world, we bring in someone outside the control system community to introduce a concept that the community should start thinking about. Last year it was Ross Anderson on [...]
Author: Dale Peterson
Posted: December 16th, 2009 under Calculating Risk, S4.
Comments: 2
S4 Preview: Leveraging Determinism in Industrial Control Systems for Advanced Anomaly Detection and Reliable Security Configuration
I will be previewing some of the papers and presentations in this year’s S4 over the next few weeks.
Digital Bond’s 4th Annual SCADA Security Scientific Symposium [S4] is being held January 20 – 21 in warm and sunny Miami Beach. S4 is a bleeding edge research event where technical papers are presented in detail to [...]
Author: Dale Peterson
Posted: December 14th, 2009 under IDS / IPS, IEC, S4.
Comments: none
Portaledge: Event Taxonomy
In preparation for the release of the Portaledge Meta-Event module, I thought a quick review of the taxonomy of events in Portaledge would be profitable.
Early on in the Portaledge development process we realized that trying to create a strong taxonification of every possible series of events in any possible combination and order was an impossible task and that another methodology would [...]
Author: Kevin Lackey
Posted: December 10th, 2009 under Portaledge.
Comments: none
S4 Virtual Attendee Experience from Last Year
The Virtual Attendee option for S4 has been available since year one. While there is great benefit to the face to face time at S4, travel and budget sometimes make this impossible.
The Virtual Attendee experience is more than a simple webex. You actually have streaming video and audio in one window, the PowerPoint in a [...]
Author: Dale Peterson
Posted: December 9th, 2009 under S4.
Comments: none
Tiered Patching Infrastructure
There’s a great write-up on building and maintaining a Windows tiered patching infrastructure over at Ars Technica today. It sets up like this:
Windows updates have historically been a constant annoyance for IT staff. Manual updates were a huge pain, and, while the advent of the Automatic Update feature improved the situation, it brought with it [...]
Author: Jason Holcomb
Posted: December 9th, 2009 under Microsoft, Patching.
Comments: none
S4 Advanced Training Class Almost Full
We are offering again this year an advanced control system security training course the day prior to S4, Tuesday January 19th. In this year’s course you will learn how to use and customize security tools specifically built for control systems. Learn how to use and customize Bandolier Security Audit Files for Nessus and other vulnerability [...]
Author: Dale Peterson
Posted: December 8th, 2009 under S4.
Comments: none