Archive for 'US Government'

Dept of Energy Peer Review

Last week I attended, presented and tweeted at the Dept of Energy Cybersecurity For Energy Delivery Systems Peer Review. The idea is DoE funds all these research projects, and they would like a group of owner operators and other industry gurus to help determine if the projects will help secure the energy sector’s critical control [...]

Ex-FERC Chair Kelliher with Interesting FERC/NERC Comments

Joseph Kelliher was the Chairman of FERC from July 2005 – January 2009 so he had a front row seat to the NERC ERO / FERC / Congress issues and enough time to get perspective from outside the FERC bubble. On April 28th he gave a speech at an Energy Bar Association, and the transcript [...]

Perfect Citizen

A few thoughts on the Perfect Citizen project by NSA.
First, it is unclear what Perfect Citizen is. The news reports said the program would place sensors in the critical infrastructure to detect cyber attacks. NSA says “Perfect Citizen is purely a vulnerabilities-assessment and capabilities-development contract. This is a research and engineering effort. There is no [...]

DOE Site Visit

Last week I went to Pacific Northwest National Laboratory to assist them with Portaledge. The Department of Energy thought it would be a good idea to include Portaledge output in PNNL’s National SCADA Test Bed Real-Time Security State Visualization Project. I hope they find a good acronym or project name for that. When I arrived [...]

A New Competitor? DHS?

Matt Olney from Sourcefire has a lengthy editorial on the Lieberman-Collins Protecting Cyberspace As A National Asset Act. I haven’t read the 197 page bill cover-to-cover, but did glance at the sections that Matt highlighted in his editorial. What was a bit jarring was the idea that this legislation suggests DHS get into the control [...]

FISMA / SP800-53 is not Utopia?

The first potentially successful effort in the US to have a control system security standard that had must and shall requirements and an audit plan was NERC CIP for the electric sector. The standards were first written broadly with general security requirements that could be met with a number of implementation choices that a security [...]

Military’s right to return cyber attacks

Yesterday, the Director of the NSA, Lt. Gen. Keith Alexander, now the Presidential nominee to head the new Cyber Command, stated that we should be allowed to counter cyber attacks if we can determine the attacker. Alexander mentioned the US has already responded to attacks but did not comment on the strength [...]

ICSJWG Day Two and Summary

After a relatively grim Day One of DHS’s Industrial Control Systems Joint Working Group Spring Meeting in San Antonio, I’m happy to report that Day Two was dramatically better with quite a few interesting presentations.
There were three concurrent tracks with 45-minute presentations throughout the day. In addition to the Bandolier panel, the highlight for me [...]

ICSJWG Day One

Today was Day One of the spring meeting of DHS’s Industrial Control System Joint Working Group [ICSJWG]. Here are some highlights and comments:
There were just over 200 people at the event; the official number of registrants was 267. Just like PCSF before it, ICSJWG is often worth attending just for the opportunity to talk with so [...]

Thoughts on the Comprehensive National Cybersecurity Initiative

As I read the twelve initiatives of the CNCI, I was looking for its strong and weak points. However, I couldn’t help but think about the level of effort that was required to produce these nice words on these general thoughts. Is this document and the program around these initiatives going to produce the dramatic [...]