-
Wednesday, September 30, 2009
Tyler Williams To Discuss Smart Grid Cyber Security In China
As the demand for AMI solutions grows throughout the electric power industry worldwide, China seems to be taking a slightly more cautious approach than many in North America - who have been largely driven by the powerful combination of compelling economics and government stimulus funding - and starting with a clear strategy that deals with standardizing security and interoperability testing before approving massive installations that may cause significant issues down the road. This has long been our position and message to the industrial cyber security community and we are glad to see China weighing-in with what we consider to be ...
Read full story
-
Thursday, August 06, 2009
A Trifecta Of Rational Cyber Security Discourse
In this months issue of Automation World, three articles touched on various elements of the industrial cyber security paradigm which we think are extremely important. I have briefly summarized each below and attached a link for your viewing pleasure.
First, Ted Angevaare, internationally-recognized industrial cyber security expert from Shell - and a strong supporter of Wurldtech - is profiled in an article regarding their recent cyber security initiatives. This is the first time a major end-user has publicly come forward with their pains and plans around cyber security. A refreshing and welcome perspective indeed. Just think about the progress we ...
Read full story
-
Thursday, July 09, 2009
Wurldtech Gears Up To Help Secure The Smart Grid
Wurldtech today announced a major strategic initiative to help address the critical cyber security & interoperability challenges facing the energy sector and specifically the bulk power industry with Smart Grid.
Read full story
-
Wednesday, May 27, 2009
Wurldtech Discusses Smart Grid Security at ConnectivityWeek & UTC Telcom
Wurldtech’s CEO, Tyler Williams, will be on the road for the next few weeks presenting at two high-profile industry conferences where Smart Grid security will be the primary focus. UTC Telecom 2009
At UTC, Mr. Williams will be delivering a presentation called “From FUD to Fact: Simple solutions to improve the security & robustness of Smart Grid infrastructure.” This will be held (6/3; 9:15 a.m. – 19:30 a.m.). With all the attention lately in the media surrounding cyber terrorism and the vulnerabilities found on the networks that control and manage global critical services such as power, energy, transportation and telecommunications, ...
Read full story
-
Monday, May 25, 2009
Some Overlooked Aspects Of Cyber Security Standards For SCADA & Control Systems
Last week the first set of standards to be implemented by the Smart Grid were announced by NIST. Having defined standards to follow and work with is usually a good thing (unless your standard gets rejected), but standards come with more implications than most realize. In the past, electric utilities have relied on a combination of security by obscurity, and also the fact that fewer devices were networked to make cyber security a non-issue. The Smart Grid has changed all of that. Once there are clearly defined standards, the obscurity goes away. That’s not a bad thing, but it is ...
Read full story
-
Sunday, March 22, 2009
Doesn’t Cyber Security Deserve a Stimulus?
I just returned from a meeting where I was invited to speak. The event was called The Infrastructure Modernization Initiative: Homeland Security Implications and Challenges and was hosted by the Center for Homeland Defense and Security (CDHS https://www.chds.us/?home) at the Naval Postgraduate School (NPS) in Monterey. There was a multidisciplinary group representing critical infrastructure from police to fire fighters, physical security, and of course cyber security as well as control systems security.
I would describe the overall feeling as upbeat but concerned. They are upbeat because critical infrastructure is finally getting some badly needed attention. The concern stems from ...
Read full story
-
Sunday, March 22, 2009
Will NERC-CIP Save The Day
Initially, I wondered about the value of the NERC-CIP standard (http://www.nerc.com/page.php?cid=2|20) that allowed me to opt-out by not defining any of my assets as critical cyber assets (CCA). Furthermore, defining the electronic security perimeter (ESP) is another challenge because if you touch the Internet anywhere you can be touched from anywhere. So, in some sense, you have no perimeter. In my simple way of thinking about these things it seems the only real perimeter is an air gap. However, the process is maturing and companies are developing clear, defensible, and documented processes for defining CCAs and ESPs.
Obviously, ...
Read full story
-
Monday, February 16, 2009
The not so smart “Smart Grid” - Addendum
There has been a lot of traffic in the blogsphere about Smart Grid security. In the real world, working groups are being formed, standards are being written, and there are many activities by the GridWise Architecture Council (http://www.gridwiseac.org/), NIST (http://www.nist.gov/smartgrid/) and a host of people that truly get it when it comes to security. I think all of this work is absolutely needed and there are a lot of very smart people working on those groups/standards and they are doing a great job.
However…
We are not just talking about the designed-in functionality of all these ...
Read full story
-
Monday, February 09, 2009
Chasing the 0Day Threat
The topic of 0Day Threat or 0Day vulnerabilities certainly get a lot of press. And this is probably for good reason. The common notion is that the 0Day vulnerabilities are the ones that can cause the most harm because they are the ones you’re not prepared for. The industry has matured significantly from the days (and yes, I can actually remember those days) when hackers demonstrated their skill for bragging rights. These days, we’ve got sophisticated markets where vulnerabilities are bought and sold and I am sure it does not surprise anybody reading this that there is also a lucrative ...
Read full story
-
Wednesday, February 04, 2009
Common Vulnerabilities & Exposures (CVE) For The Rest Of Us
As of today, the Common Vulnerabilities and Exposures (CVE) database, hosted by Mitre Corporation (http://cve.mitre.org/) for the Department of Homeland Security (DHS), contains 34,542 entries. That may not seem like a large number, but any one of those entries can translate to multiple instances in the field. While the contents of this database are very important in the IT world to help security practitioners ply their trade, build rule sets, etc., there is a glaring lack of information on industrial control systems (ICS).
A search of the CVE database using “SCADA” or “DCS” or “PLC” as a search ...
Read full story