Archive for March, 2012

Meetings with DOD and Congressional Staffers – March 26-29, 2012

I met with DOD and have two new definitions to add to the list of confusing terms.  The first is "data center".  DOD is in the process of consolidating their data centers. Consequently, I asked what is a data center.  Apparently any locati…

Piracy, Privacy interview on control system cyber security

Privacy, Piracy Host, Mari Frank, interviews Joseph Weiss, Industry expert on control systems and electronic security of control systems Monday, March 26, 8:00-8:30AM Pacific Time, KUCI 88.9 FM in Irvine,
read more

Piracy, Privacy interview on control system cyber security

Privacy, Piracy Host, Mari Frank, interviews Joseph Weiss, Industry expert on control systems and electronic security of control systems Monday, March 26, 8:00-8:30AM Pacific Time, KUCI 88.9 FM in Irvine,
read more

The inconsistency of Smart Grid and NERC CIP

The Smart Grid is dependent on interoperability and is moving toward ubiquitous use of TCP/IP.  Meanwhile, many utilities are removing or not installing TCP/IP connections for transmission to avoid having to meet NERC CIPs. Doesn’t this seem inconsist…

The March 2012 Issue is here!

Control’s March issue is all about road maps. Our cover story "The Control Room of the Future – Smarter Reality" shows readers how to navigate through all the glitz and shiny new tools and applications to get to the best, most practical and f…

What is Aurora and why is it a risk to grid reliability

There are a number of issues about Aurora that are confusing including its name, what it does, how to detect it, and what could be vulnerable. As Aurora is still classified as "For Official Use Only", I will not go into any technical details….

A case of misplaced ICS-CERT priorities – hack of building HVAC vs loss of logic of ALL DCS processors

The February 2012 ICS-CERT Monthly Monitor has an article on a state government building that had their HVAC hacked.read more

DOE Risk Management Process for the Electric Sector – Doesn’t DOE understand the difference between IT and Control Systems?

DOE has issued for public comment- Electricity SubSector Cybersecurity Risk Management Process dated March 2012.
September 2011 DOE issued the first draft of the Electricity SubSector Cybersecurity Risk Management Process document for comments. The doc…

Observations from RSA, BSides, and GABA

I attended the RSA Conference, BSides Conference, and the German American Business Association (GABA) cyber security meeting in San Francisco the week of February 26th.read more