Many of you are familiar with the Roadmap to Secure Control Systems in the Energy Sector that was created by a private industry / government team. To support roadmap implmentation the team then created the Interactive Energy Roadmap that maps research and other industry efforts to strategies in the Roadmap.
Now the Energy Sector Control Systems […]

I attended OSIsoft’s DevCon 2008 this week. While parts of the conference seemed to be more marketing than technology, there was some good information that I will be able to use for the Portaledge project. The most interesting talk was from Shane Hansen and Ken Rohde of Idaho National Laboratory (INL).
The presentation started […]

While I live in South Florida, I was in California during the short FPL blackout yesterday. At dinner with some other control system security professionals the talk obviously went to the FPL event. A few interesting points:
- Since this affected the Turkey Point nuclear plants we may get a NRC report on the incident. So […]

There has been discussion in the community on whether control systems are in the Sarbanes Oxley (SOX) scope.
We have never been comfortable with the level of detail or expertise in the discussion, and the last thing the community needs is more uncertainty about security related regulations. So we found an expert with a background in […]

 

 SOX and Control Systems: Play Now | Play in Popup | Download

Alan Paller of SANS has been talking about cyber extortion attempts of utility companies for over a year now, and we now have Tom Donahue, a CIA-rep, on the record.
“We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some […]

It was a tough blow when Perry Pedersen left the Control Systems Security Program (CSSP) Director position back in August of 2007. Perry had that group really working the best it had ever had and with a high morale.
We hear that Sean McGurk will be the new CSSP Director starting in January. Sean worked 20+ […]

After the Congressional testimony in October, the panelists were provided with questions from committee members. Joe Weiss shares two along with his answers in his latest Unfettered entry.
Congressman McCaul asks “What are the principal differences between the ISA 99 standards and the NIST best practices found in Special Publication 800-53?”
I know and admire Joe, but […]

The calls from reporters continue to come in related to Aurora and Congressional Hearings on grid cyber security. There is a lot of talk and temptation for the government to bash the power industry. After all you don’t want to look soft on this issue.
After seeing a story on TSA still failing to stop bomb […]

We are thrilled to announce that Digital Bond was one of five companies selected for negotiation of awards of up to $7.9 million in DOE funding to develop and integrate technologically advanced controls and cyber-security devices into our electric grid and energy infrastructure.  Our project is titled Cyber Security Audit and Attack Detection Toolkit and […]

I’ve been a bit surprised at the reaction to the excerpt of the DHS tape showing a demonstration of cyber attack on a power plant. The reaction from the press and those not in what I often call the “community” in this blog is an expected combination of shock and wonder at how this is […]