Archive for November, 2012

TransAtlantic Cyber Security Summit – Observations

November 27-28, the Georgia Tech Research Institute and the US Office of Naval Research Global held the TransAtlantic Cyber Security Summit in Dublin, Ireland. The agenda can be found at http://www.siliconrepublic.com/events/event/2927-transatlantic-cy…

Question on PLC vulnerability from Iran

November 19, the following thread was in Linked-in Cyber Security in Real-Time Systems. "I found that there is a vulnerability in Image-Memory of PLCs. Ralph lunger (sic) said in a movie." the vulnerability is read and write capability in Mem…

The National Research Council report on Terrorism and the Electric Grid

The National Research Council prepared the report, "Terrorism and the Electric Power System". The report was completed in 2007 but was classified by its sponsor, the Department of Homeland Security, until now. The Council lobbied DHS to allow…

Are nuclear plants cyber secure- another nuclear plant control system cyber incident

November 9th, Susquehanna Unit 2 had a manual shutdown (scram) of the plant due to a failure of the Integrated Control System (ICS) which controls feedwater flow and other systems. The ICS is not a safety system but affects the functionality of the pla…

Are utilities and others still blinded by the real threat of Aurora

At the recent ICS Cyber Security Conference we had the first public discussions of Aurora. Aurora is a gap in protection of the electric grid. Aurora is starting Alternating Current (AC) equipment (generators, motors, etc) out-of-phase imposing a larg…

"Swiss Army Knife" for safety systems – is it a feature or a vulnerability

On Tuesday, a major control and safety system vendor held a webinar on cyber security of safety systems – "The rocky relationship between safety and security". The vendor talked about the network issues that needed to be considered, limitatio…

The SANS 20 Critical Controls and their applicability to industrial control systems

At the 12th Industrial Control System (ICS) Cyber Security Conference the week of October 22-25 in Norfolk, VA, there were a number of issues that became evident to the attendees:- There are significant differences between IT and ICSs. From a cyber sec…