Archive for 'Standards & Orgs'
Control Systems Security Standards Efforts ROI
I’ve been involved to varying degrees with security standards efforts for way too long now -- almost twenty years. Most recently with the ISA 99 Part 4 effort. For a while I was actively involved in that effort in support of a contract with Wurldtech. When Bryan Singer joined Wurldtech that did not make […]
Author: Dale Peterson
Posted: May 5th, 2008 under Standards & Orgs, Uncategorized.
Comments: 3
Shameless Marketing FUD and Hype
I’m sure many of you have been spammed by an email from TDI about a “NERC CIP Cyber Asset Alert”. I personally received three alert emails plus a blog spam. We get a lot of this type of material, but this one topped anything we have received lately in pure FUD and hype to promote […]
Author: Dale Peterson
Posted: April 10th, 2008 under Calculating Risk, NERC CIP.
Comments: 2
BSI IT Grundschutz
The ISA99 WG4 was discussing a security methodology called BSI IT grundschutz that was new to me. Hans Daniel provided a very concise and useful summary that he kindly allowed us to post on the blog.
UPDATE: A link to the English version of IT grundschutz courtesy of Stephan Beirer.
For the fast reader
The IT grundschutz methodology […]
Author: Dale Peterson
Posted: April 8th, 2008 under Standards & Orgs.
Comments: 12
NERC Looking for Security Experts to Assist with CIP Modifications
Just a quick note. Want to help improve the NERC CIP cyber security standards? They are looking for industry experts to assist. Nominate yourself before April 4th.
Author: Dale Peterson
Posted: March 25th, 2008 under NERC CIP.
Comments: none
SPP Critical Infrastructure Protection Working Group Meeting
Since leaving my post at a utility company and joining the Digital Bond team, my attention level to the NERC CIP saga has dropped off a bit. I’m back up to date now, though, after attending the SPP CIPWG meeting earlier this week. (SPP is the RTO and RE in my part of the […]
Author: Jason Holcomb
Posted: March 20th, 2008 under Big Picture, NERC CIP.
Comments: none
Sandia National Labs “Cyber Stalker” Embarrassment
Your tax dollars at work… A Sandia National Labs worker who used her computer access and position to “cyber-stalk” rock star Chester Bennington (of Linkin Park fame) was sentenced to two years in prison last week. This took place over the course of nearly a year in 2006 and involved hacking several of Bennington’s […]
Author: Jason Holcomb
Posted: February 26th, 2008 under National Labs.
Comments: 3
Podcast: SOX and Control Systems
There has been discussion in the community on whether control systems are in the Sarbanes Oxley (SOX) scope.
We have never been comfortable with the level of detail or expertise in the discussion, and the last thing the community needs is more uncertainty about security related regulations. So we found an expert with a background in […]
Author: Dale Peterson
Posted: February 11th, 2008 under Standards & Orgs, US Government.
Comments: 6
Bravo FERC!
Today FERC approved the NERC/ERO CIP cyber security standards for the electric industry. This was the right decision to avoid derailing progress.
What is most impressive are the comments in the press release and final rule.
They directed modifications and improvements. This is the Version 1.0, and it will get better and more stringent. Basically NERC/NRO needs […]
Author: Dale Peterson
Posted: January 17th, 2008 under NERC CIP.
Comments: 2
FERC “Proposes” Collecting Information on Aurora Mitigation
After the furor of Aurora and the Congressional hearings FERC is proposing to collect “information in connection with steps being taken by the electric industry to address potential cyber vulnerabilities”. The proposing part of this equation has to do with the FERC rulemaking procedure and requirements for public comment which I don’t claim to be […]
Author: Dale Peterson
Posted: December 11th, 2007 under NERC CIP.
Comments: 15
Only 7 Months to First NERC CIP Compliance Deadline
December 1. Can you believe it is only 7 months until Balancing Authorities and Transmission Operators who were required to self-certify to NERC 1200 will need to be compliant with 13 NERC CIP requirements? (hat tip: Ron Blume of Dyonyx).
Some of the 30 June 2008 requirements are:
Test procedures for significant patches and upgrades. This […]
Author: Dale Peterson
Posted: December 1st, 2007 under NERC CIP.
Comments: none

