exida discovered fraudulent certificates claiming that a product meets the functional safety requirements for Safety Integrity Level (SIL) 3 capable per IEC 61508. These certificates are FALSE.

I was recently informed about a new White Paper by respected cybersecurity authorities Ralph Langner and Perry Pederson of the Brookings Institution called "Bound to Fail: Why Cybersecurity Risk Cannot Be Simply 'Managed' Away" that is now available for free after registration from ControlGlobal at  www.controlglobal.com/whitepapers/2013/130304-langner-pederson-cybersecu...

Having just returned from a SCUBA diving trip to the Honduran Bay Island of Roatan I saw first hand what happens when we mess with natural systems.  For those that don't know, the Lionfish, an Indo-Pacific native species, has somehow been introduced into the Caribbean, where as an invasive species with no natural predators, it is decimating fish populations and destroying reef ecosystems.

How far should we go in adopting IT type rules for the management of cybersecurity on control systems. Will treating a control system as just another set of PCC's (from the IT perspective) cause more problems?

This was originally posted in "The Process Automation Usability Project" by the Gary Law. See the responses he got there and contribute with your own here.

Some of it serious; some, not so much. Time to take a gander at news you may have missed while otherwise occupied this week.

Qatar-based liquefied natural gas (LNG) producer RasGas reported in early September that malware shut down part of its computer system. This was the latest cybersecurity attack in the Middle East region after the attack on the computer network of a state owned oil producer in Saudi Arabia.

According to RasGas the firm was facing 'technical issues' after being 'affected by an unknown virus'. "Operational systems onsite and offshore are secure, this does not affect our production at the Ras Laffan industrial city plant nor scheduled cargoes," RasGas said.

Russian antivirus firm Kaspersky Lab seeks a developer and analyst to create an operating system that could dissuade the next Stuxnet attack on industrial control systems. Currently, Kaspersky Lab wants to hire professionals with experience in programming PCS and Supervisory Control And Data Acquisition (SCADA) systems, implementing industrial networking and communications protocols, and knowledge of Siemens, Emerson, Omron, ABB and other programmable logic controllers.

Unless you've been living in a cave or completely focused on the fate of your favorite baseball or basketball team, you're bound to know that the issue of cybersecurity is heating up. If Stuxnet wasn't enough, now there's its evil twin Flame to add to your worries about your computer systems. So it's really no surprise that Honeywell is stepping up to the plate and coming at security and its good twin safety with more applications and services for its customers.

I recently read in Power Magazine (powermag.com) that EPRI is launching the Security and Privacy Initiative, a collaborative effort to investigate cyber security standards, business processes, and technologies to protect the electric grid.

This news release just crossed my desk. Might be worth your time to fill this out.

SECURITY INCIDENTS ORGANIZATION CONDUCTING FIRST CONTROL SYSTEM SECURITY BENCHMARK SURVEY
 
            SELLERSVILLE, Pa. – The Security Incidents Organization will conduct its first control system security benchmark survey beginning Wednesday, February 15, 2012. The information gathered from the survey will help the automation industry better understand the present state of control system security in industrial facilities.