General Charter and Usage Policy for the SCADASEC Mailing List

1.0 Administrivia

1.1 Charter of the SCADASEC Mailing List

1.1.1 What is SCADASEC?

The SCADASEC mailing list is meant to provide a common forum to discuss security concepts, ideas, theories, along with non-detailed discussions regarding publicly known vulnerabilities and exploits that have affected this community. This includes, but is not limited to, companies and/or organizations who represent end-user communities utilizing said technologies or architectures, government personnel (local, state, and federal), IT security professionals, SCADA security professionals, homeland security professionals, development organizations (vendors who provide the technology to SCADA), and more. This list is designed for people who are not necessarily security experts. As such, it is also an excellent resource for the beginner who wants a non-threatening place to learn the ropes.

1.1.2 What is appropriate content?

The following are what topics are allowed and/or should be posted to the SCADASEC mailing list:

* Tips on SCADA, computer, or network security.
* Affordable software solutions that is non-commercial (no advertising).
* Affordable hardware solutions that is non-commercial (no advertising).
* Security patches for commonly used software or hardware.
* Security policies for infrastructure businesses and sectors.
* Visionary or future direction of SCADA and/or CIP (not just NERC CIP).

1.1.3 What is inappropriate content?

The following will *not* be tolerated on the SCADASEC mailing list; failure to comply will result in the offending party's removal:

* Announcement of security vulnerabilities in technical detail.
* Any announcements where US/ICS-CERT or DHS have NOT been notified.
* Vulnerability announcements where notification has NOT been given.
* Product advertisements.
* Discussion of advanced security issues in technical detail.
* Non-SCADA/non-computer security related material.

1.1.4 Can I mention about my conference?

We encourage the open distribution of information to the user community. However, due to the commercial aspect that a conference implies, we try and limit the amount of times that a conference organizer may announce to the SCADASEC mailing list, and therefore will allow a maximum of only TWO (2) ANNOUNCEMENTS for each conference: one announcement posting to provide the general membership with the public announcement to the conference, and one announcement posting to provide any updates or last-minute information about the conference.

1.1.5 Is the list moderated?

Normally, no; however, the list can (and will be) from time to time temporarily moderated to prevent "flame wars". This is at the discretion of both the list owners, and of the moderators.

1.1.6 Who are the list moderators?

Bob Radvanovsky (rsradvan@infracritical.com)
Jake Brodsky (jbrodsky@infracritical.com)

The moderators are all representative of varying degrees of expertise, and welcome comments at any time.

1.2 History of SCADASEC

1.2.1 When was SCADASEC created?

SCADASEC was initially created on Wednesday, the 6th of February, 2008 by Bob Radvanovsky and Jacob Brodsky as its co-founders. Bob Radvanovsky is currently the owner and host provider for both the blog and mailing list.

1.2.2 Was the original charter always this way?

Yes, the original charter was to share and promote information exchange. Unfortunately, because of integration issues, tempers do flare (sometimes), and the varying parties need to understand that this is a common ground for meeting, sharing and exchanging ideas, philosophies, and more. It stands firm today, more than ever, as it did in February, 2008.

1.3 List Management

1.3.1 How do I subscribe to the SCADASEC mailing list?

Via your web browser, visit our web site at:

https://scadasec.groups.io

Please enter your name, email address, and you will receive a confirmation within 5-10 minutes. One of the moderators will acknowledge your wanting to join SCADASEC, and will acknowledge when time is available, your acceptance into the mailing discussion group.

1.3.2 How do I unsubscribe from the SCADASEC mailing list?

Via your web browser, visit our web site at:

https://scadasec.groups.io

1.3.3 How do I disable mail delivery temporarily?

Unsubscribe from the list and re-subscribe to start receiving mailing list traffic again. Also, if we receive too many bounce-back messages from a particular email address, that address may be either

* temporarily disabled

* or unsubscribed entirely by one of the moderators.

1.3.4 Is the list available in a digest format?

Yes, the digested form of the list is made available 1-2 times daily, depending on the amount of email traffic ingested.

1.3.5 How do I subscribe to the digest?

Same method as subscribing, only select Digest ONLY

1.3.6 How do I unsubscribe from the digest?

Same method as outlined in Section 1.3.2.

1.3.7 I seem to not be able to unsubscribe -- what is going on?

You are probably subscribed from a different address than that from which you are sending commands to the list from. Either send email from the appropriate address or email the list owner, Bob Radvanovsky (rsradvan@infracritical.com) to be unsubscribed manually.

1.3.8 Disclaimer Statement for Usage of the SCADASEC mailing list

DISCLAIMER: Any and all relevant discussions, postings, or otherwise, outlined, shared or distributed on the SCADASEC mailing list are the responsibility of the originating and/or corresponding author and/or posting party, and shall in no way, hold either the list owner, Bob Radvanovsky, Infracritical, or any of the moderators, responsible, accountable, liable whatsoever. The SCADASEC mailing list discussion forum is provided for the benefit of everyone associated with and/or participating to discussions that pertain to or are relevant to SCADA and/or control systems security discussions thereof.