Last week I was up in DC for a semi-annual project review meeting for our DHS funded project to create security events for legacy PLC’s [Quickdraw]. At this meeting you learn about the other research projects funded through the same vehicles. Two had potential interesting application for control system security.
First, ITT has a project called [...]

article has been added to the scadapedia. This document outlines a 10 year process to create secure and resilient control systems in the waste and drinking water sectors.

It was a tough blow when Perry Pedersen left the Control Systems Security Program (CSSP) Director position back in August of 2007. Perry had that group really working the best it had ever had and with a high morale.
We hear that Sean McGurk will be the new CSSP Director starting in January. Sean worked 20+ [...]

I’ve been a bit surprised at the reaction to the excerpt of the DHS tape showing a demonstration of cyber attack on a power plant. The reaction from the press and those not in what I often call the “community” in this blog is an expected combination of shock and wonder at how this is [...]

I’m heading up for bidders’ conference for the DHS Science & Technology (S&T) control system security research opportunity in DC tomorrow. It will be interesting to see if they provide any more detail than in the announcement on the applied research they would like to see.
Any great ideas out there?
UPDATE at the event:
About 160 people [...]

The Control System Cyber Security Self-Assessment Tool (CS2SAT) was presented at the PCSF Annual Meeting earlier this month. I had promised a review of this tool, and it takes place in two parts. The facts of the CS2SAT are in a SCADApedia entry and my comments on the CS2SAT are here in this blog entry.
Overall, [...]

The PCSF Annual Meeting, March 6-8 in Atlanta has added the DHS sponsored SCADA Security Training Courses produced by INL. There is a four hour introductory course and an eight hour, hands on intermediate course. These are high quality, well received courses and were the number 8 highlight in our 2006 Top Ten [...]

There are two new hires at DHS that will have a big impact on SCADA security. The hire getting most of the news is Greg Garcia’s appointment as the new cyberczar. His official title is DHS Assistant Secretary for Cybersecurity and Telecommunications.
However, the new DHS employee that will have a large and direct impact on [...]

Today, DHS Released the public exercise report on CyberStorm, which was something I participated in, well, starting almost a year ago.
Although SCADA played a prominent role in exercise, the only real mention is the final report is excerpted below:
Finding 8: Improvement of Processes, Tools, and Technology
There was a great deal of research and discovery in [...]

In an earilier entry I linked to the INL/DHS site that will be a resource for the community. The site is early in its development and will be filled with numerous recommended practices, white papers, case studies and other useful info. My own bias is the sooner we can get this info out the better, [...]