cyber security

FERC NOPR and the NERC CIPs


The Federal Energy Regulatory Commission (FERC) Notice of Public Rulemaking (NOPR) has been issued for public comment and it should not come as a surprise. In December, the FERC Technical Staff issued their Technical Assessment of the North American Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) cyber security standards. The general utility industry response was to attack the administrative issues and generally ignore the technical issues. People should understand wh...

From 'Sound Off! Editors' Blog'

Who's in charge, here?


Ever since the AP article reporting on Ganesh Devarajan from TippingPoint (a 3-com company) and his presentation at the Defcon hackers' conference last week, there has been a very interesting thread on the SCADA list. Fundamentally, however, most people on the list are saying that the problem is that reporters scare people. That's not the problem. Here's what I just posted there:

You are all missing the point, unfortunately.

NERC just published a NOPR for the non-nuclear electric ...

From 'Sound Off! Editors' Blog'

ACS Cybersecurity Conference pulls powerful speakers together


Control Magazine has been working very hard with Joe Weiss on this conference and we're really pleased to share the agenda with you. It is a real powerhouse conference. You can still come and be a part of it. Register at http://www.realtimeacs.com

Agenda for the ACS CyberSecurity Conference

From 'Sound Off! Editors' Blog'

Hijinks from Defcon..."we will scary you!"


Brian Mast reports on the SCADA list:

Researcher: Flaw exposes hack threat
Staff and agencies
04 August, 2007
By JORDAN ROBERTSON, AP Technology Writer

LAS VEGAS - Terrorists and other criminals could
exploit a newly discovered software flaw to hijack
massive computer systems used to control critical
infrastructure like oi...

From 'Sound Off! Editors' Blog'

Homeland Security pronounces on control system security


The US Department of Homeland Security released its Catalog of Control Systems Requirements (Draft) July 2007 today.

It is interesting reading. According to several commentators, it contains warnings about spam and social media-- things not entirely commonly associated with control syst...

From 'Sound Off! Editors' Blog'

What's this? A bogus security survey?


Jake Brodsky noticed this on the Industrial Defender website:



July 26, 2007

Dear Chemical Industry Participant,

A number of chemical industry companies have recently reported that they are receiving calls from a gro...

From 'Sound Off! Editors' Blog'

SP99-- who are those guys?


Ken Anderson will be speaking on security issues with Wireless applications.
I don't know what happened, but this was supposed to be given by Bryan Singer...

Anderson works for an oilsands company.

What I want to talk about is where SP99 is, and what we're doing there.

Components included based on function performed, not industry, type of control or other limited views

SCADA, etc.

We go from Levels 0, 1, and 2 and a little of Level 3 of the Purdue model.

IT security is an established disciplin...

From 'Sound Off! Editors' Blog'

More SOX trouble for utilities?


Thanks to Bob Landman of HL Instruments for posting about this on the SCADA list:

July 12, VNUNet — Utility firms sitting on hacking time bomb.

Utility companies could be facing a hacking time bomb owing to poor security measures. As more utilitie...

From 'Sound Off! Editors' Blog'

Joe Weiss reports on NERC CIP and Electric Utility Safety


How Secure are the Electric Utilities if They Implement the NERC CIP Standards?

The NERC CIP standards were developed in a consensus fashion with representation from the smallest to the largest utility organizations. In order to obtain consensus, the NERC CIP standards are ambiguous and at best provide a “minimum bar”. CIP-002 is the funnel for establishing what systems need to be addressed. If the CIP-002 risk assessment identifies the device or system...

From 'Sound Off! Editors' Blog'

Joe Weiss asks: Does Sarbanes-Oxley apply to control systems?


Does Sarbanes-Oxley apply to Control Systems?

The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors a...

From 'Sound Off! Editors' Blog'