#cybersecurity #pauto

exida discovers counterfeit safety certificates


exida discovered fraudulent certificates claiming that a product meets the functional safety requirements for Safety Integrity Level (SIL) 3 capable per IEC 61508. These certificates are FALSE.

From 'Sound Off! Editors' Blog'

@Belden @Tofino tested by @DigitalBond: It works!


Recently, several ICS end users in the Middle East and Asia have been exposed to attacks directly on the control systems through firewalls that have been misconfigured, or not configured correctly, for Modbus and OPC data. These attacks have caused weeks of rebuilding systems, with concomitant loss of production and loss of revenue. We have seen enough of this to validate the ISA99 "zones and conduits" model of ICS system architecture.

From 'Sound Off! Editors' Blog'


Protect the Grid SmartGrid Initiative


I recently read in Power Magazine (powermag.com) that EPRI is launching the Security and Privacy Initiative, a collaborative effort to investigate cyber security standards, business processes, and technologies to protect the electric grid.

From 'The Great Kanduski: Best Practices in Industrial Networking'

Thursday Morning Scary Read


Nancy Bartels driving the blogging machine here this morning. I am not by nature an alarmist, and I tend to ignore headlines that say (or imply) "OMG, we're all going to die!" On the other hand, when you smell smoke in the kitchen for longer than a couple of minutes, it can't hurt to assume something more than the toast is burning. Which brings us to this link from Dark Reading.

From 'Unfettered Blog'

NIST and DOE still not distinguishing between IT and ICS


A message from Joe Weiss:

September 2011, DOE published the Electricity Sector Cybersecurity Risk Management Process Guideline for comment. The document draws from a significant number of experts, though none are industrial control systems (ICS) experts. The document effectively equates IT and ICS. It references IEC-62443 which is still not a formal document and excludes any mention of ISA99.

From 'Unfettered Blog'

ACS 2011 Conference Summary - September 22


The final agenda can be found at www.realtimeacs.com. There are several unique hallmarks of the conference:

  • Discussions of actual control system cyber impacts
  • The significant amount of discussion makes keeping a schedule almost impossible
  • Many of the presenters are not recognizable as they are not the typical speakers – these are the control system cyber security experts.

Thursday September 22

High Points:

From 'Unfettered Blog'

Pipelines and cyber security


In 1999, the Bellingham, Wash., gasoline pipeline ruptured, killing three people. It was a control system cyber incident with many implications for future pipeline cyber impacts:

From 'Unfettered Blog'

Cyber Threats Can Affect Green Power Too


Posted by Joe Weiss:

Many people feel that green technologies such as wind and solar will minimize the cyber threat to the grid. I believe they are wrong.

From 'Unfettered Blog'

Wednesday Morning Must-Read on Security


Fooling around in the social media corner of the Internet this morning, and came across this link (http://asian-power.com/node/11144) on Facebook via Eric Byres.

From 'Unfettered Blog'