Nancy Bartels of Control magazine and ControlGlobal.com hijacking Joe's blog here. This story would be funny if it wasn't so scary. Wired magazine has broken the real story (or the latest iteration of the real story). The link is here. So it wasn't evil hackers from Russia after all. From the sound of it, more like a Keystone Cops fire drill.

Last week, a disclosure was made about a public water district SCADA system hack. There are a number of very important issues in this disclosure:

Posted by Joe Weiss:

Many people feel that green technologies such as wind and solar will minimize the
cyber threat to the grid. I believe they are wrong.

The industry uses the general term "threat information," but during more detailed discussions, it seems that the information companies seek is more like the traditional military concept of "tactical information."

Read this article and let us know if you agree.

A lot of this will be in my December Editorial:

 This has been a tumultuous last few months for industrial control system security. Since July 15, when word of the Stuxnet worm hit, vendors and end-users alike have been thinking and talking about their security policies.

OK, faced with the Siemens vulnerability, which could have been anybody else's vulnerability just as easily, what should we do?

I've been accused of being an apologist for vendors, but that's not what I am. As long as end-users are accepting (and many cases, specifying) software that runs on Microsoft Windows and Windows Server versions, these vulnerabilities will show up. I am a realist who's had a career in product marketing, sales, and new product development, and I know from the inside what it is like.

Auke Huistra,Project manager Cybercrime Information Exchange NICC, posted this on the SCADASEC mailing list:

The following was posted, among other places, on the SCADASEC listserv. Eyal Udassin, a well-known and well respected security researcher with significant experience with control system functional security has discovered a vulnerability in some of Rockwell's products, and he and Rockwell have moved quickly to fix the vulnerability.

Here's the text of Udassin's report:

Walt Boyes interviewed Bjorn Gudehus of Bell Canada, who is both a security analyst and an automation professional, and who has a distinctive voice and opinion on this important question.