CIDG and Berkana Resources announced a new security compliance tool, the Comprehensive Security and Compliance Solution. The “comprehensive security” in the name bothers me, but I’m looking forward to spending some hands on time to get a feel for its value in the future. It purports to help track compliance with security standards and measure [...]

After leaving Tokyo I spent some time in Kuala Lumpur and Singapore. These countries and others in Asia are ramping up their education and guidance efforts on control system security. Most of the effort is with the owner / operators because there is not a large control system vendor base in the region outside of [...]

We are pleased to announce the first release of Digital Bond’s Portaledge project. Just in case loyal blog readers have forgotten, Portaledge is a U.S. Department of Energy funded project where control system Historians are used to aggregate and correlate security events to detect attacks.
We selected the OSIsoft PI server as our historian platform because [...]

An interesting and quite dangerous situation is playing itself out over the firewall in corporate security. There’s some Adobe 0day being exploited in the wild, and while that alone is enough to make all of the control system admins out there take a quick glance at their firewall rules (Adobe 0day essentially means that [...]

With a few things wrapping up with other projects this week I’ve been concentrating on our Quickdraw project and expanding out the capabilities of snort to be able to do detection and alerting quite a bit easier.  Thankfully the good people who’ve created snort have made this a lot easier by providing a way to [...]

Even while some engineers are still dealing with Windows NT (or much older) servers and workstations, Windows Vista and Server 2008 are making their way into control system environments. It doesn’t seem that long ago that I was heading up a committee on whether to upgrade to Windows 2000 or XP, but I digress.
I’ve been [...]

The past two days I have presented at and attended control system security events in Tokyo. These events are put on by JPCERT/CC and the Japanese Ministry of Economy, Trade and Industry. Wednesday was invite only vendor day with approximately fifty attendees from Japanese control system security vendors, a very strong turnout. There was a [...]

This week DHS announced the creation of the Industrial Control System Joint Working Group [ICSJWG] that will operate under the Critical Infrastructure Partnership Advisory Group [CIPAG]. ICSJWG “will continue the successful public and private partnerships created by the Process Control System Forum (PCSF).”
This comes after the untimely demise of PCSF, and although details are limited, [...]

If you followed the Aurora vulnerability or are involved in the nuclear energy sector, then Timothy Roxey is a name that you will certainly recognize. NERC announced this week that he will be coming on board in a newly-created role — Manager of Critical Infrastructure Protection. He’ll be working with CSO Michael Assante on CIP [...]

Two interesting items in the latest NERC newsletter.

NERC is creating a group called Hydra. They say “Hydra will create a network of electric industry subject matter experts (SME) to handle modern fast-moving threats to the bulk power system.” There is an open invitation for two hundred SME’s. There are more and more of these pro [...]