Archive for August, 2012

Lessons learned from Aurora

On the SCADSec blog site, Ed Beroset stated the following: I’ve attended a number of security conferences at which speakers would gravely intone that "we have not yet learned the lessons of Aurora." When I’ve probed a bit deeper, I’ve found t…

Legacy Control System Cybersecurity/Reliability Test Bed

There has long been a strong desire to find solutions for securing industrial control systems that go beyond "simply" exposing problems and risks. So what is so difficult about finding solutions? The answer is technology, use and compliance. …

Something new under the sun?

I recently attended the Wireless Communication Alliance meeting on Smart Grid Cyber Security. The invitation read "As we continue to build out our modern electric generation, transmission, and delivery infrastructure, we continue to learn more abo…

What Can You Find in Our August 2012 Issue?

In our August issue, read "Wireless Comes of Age" and find out why wireless is not just for early adopters anymore. Also, learn to "Flow Like an Egyptian" with Walt Boyes, who covers the basics of flow measurement in open channels a…

What Can You Find in Our August 2012 Issue?

In our August issue, read "Wireless Comes of Age" and find out why wireless is not just for early adopters anymore. Also, learn to "Flow Like an Egyptian" with Walt Boyes, who covers the basics of flow measurement in open channels a…

What does it take for a utility to be a leader in Industrial Control System (ICS) cybersecurity?

With Smart Grid and NERC CIP, many utilities have been public about their efforts to secure their systems. Unfortunately, those efforts haven’t addressed Aurora, Stuxnet, or securing legacy ICSs for reliability. To the best of my knowledge, there has b…

IT and ICS – two functional areas separated by a common, but misunderstood language

Over the past two weeks, I have either presented and/or participated in numerous cyber security meetings. Each of the meetings had representatives from both IT and ICS. There were many discussions where the IT and ICS attendees talked past each other w…

Building the Next System Capable of Fending Off the Next Stuxnet Attack on Industrial Control Systems

Russian antivirus firm Kaspersky Lab seeks a developer and analyst to create an operating system that could dissuade the next Stuxnet attack on industrial control systems. Currently, Kaspersky Lab wants to hire professionals with experience in programm…

Back to the Future?

A friend and I were discussing some new security features in a well known brand of Programmable Logic Controller (PLC). The features are almost exactly what most IT security experts have been demanding for years. Unfortunately, they are also very complex, arcane, and difficult for a typical engineer to want to mess with. If it […]

Aurora and the electric industry’s lack of adequate response

Aurora is a gap in protection of the electric grid. This concern of starting rotating electric equipment out-of-phase has been known for many years – it is a basic tenet of electrical engineering. However, until the Idaho National Laboratory (INL) demo…