-
Thursday, July 09, 2009
Wurldtech Gears Up To Help Secure The Smart Grid
Wurldtech today announced a major strategic initiative to help address the critical cyber security & interoperability challenges facing the energy sector and specifically the bulk power industry with Smart Grid.
Read full story
-
Tuesday, June 02, 2009
Achilles Helps Make The Smart Grid Safe & Secure
We’re excited to announce the latest feature enhancement to our award-winning network testing platform – Achilles. In an effort to help improve the security and robustness of emerging industrial wireless and smart grid infrastructure, we have expanded the testing capabilities of the Achilles Satellite to allow manufacturers of wireless networked devices communicating over IEEE 802.15.4 to identify cyber vulnerabilities before deploying them into our critical electric power infrastructures.
Read full story
-
Monday, May 25, 2009
Some Overlooked Aspects Of Cyber Security Standards For SCADA & Control Systems
Last week the first set of standards to be implemented by the Smart Grid were announced by NIST. Having defined standards to follow and work with is usually a good thing (unless your standard gets rejected), but standards come with more implications than most realize. In the past, electric utilities have relied on a combination of security by obscurity, and also the fact that fewer devices were networked to make cyber security a non-issue. The Smart Grid has changed all of that. Once there are clearly defined standards, the obscurity goes away. That’s not a bad thing, but it is ...
Read full story
-
Tuesday, January 20, 2009
The Not So Smart “Smart Grid”
There seems to be a lot of buzz in the industry about the Smart Grid and the expectation is high that a boatload of money will find its way to the electrical sector for a couple of reasons. First, the investment is sorely needed to support future growth and update an aging infrastructure; and second, such investment will provide an economic stimulus and create Green jobs that can’t be outsourced. The logic is sound and, for all intents and purposes, seems like a good idea.
The basic notion behind the Smart Grid is simple - the Smart Grid is made ...
Read full story
-
Monday, January 12, 2009
The Network Stack Certification Iceberg – On Accreditation Requirements
As the creator of the Achilles Certification program, I spend a great deal of time in both international and North American ICS security Standard and Certification efforts serving in the role of leader, SME, or active participant.
One of the efforts I’m currently involved with is attempting to create a ICS network stack security certification program which it wants to licence to accredited labs for execution against submitted vendor equipment. The utility, feasibility, or value to the community of such an effort is not the focus of this blog, but rather I wish to discuss few of the underlying technical ...
Read full story
-
Monday, September 15, 2008
IEEE PES - PSRC Insights
I had the opportunity this week to sit in on several IEEE PES working group meetings while attending the Power System Relaying Committee meeting here in Vancouver, Canada.
I attended sessions on the reliability of networked devices and network infrastructure in power substations, and on architectures for SCADA security. I have a couple of impressions based on what was discussed:
There is quite a bit of uncertainty in the industry around security issues. For some operators, not seeing a clear direction for security measures in order to meet NERC-CIP has led them to disable some communications channels rather than try ...
Read full story
-
Sunday, September 07, 2008
On Vulnerability Disclosure
This year’s PCSF saw many productive discussions on the topic of responsible vulnerability disclosure (big hat tip to Zach and Mike who managed to keep the conversations from reducing to a bun fight). I want to take a moment to further detail a few of my own opinions on this subject matter.
Let me begin with a somewhat pragmatic definition of device vulnerabilities: Device Vulnerabilities (I wonder if this is where Tipping Point’s DVlabs name stemmed from) can be thought of as software, hardware, or requirements artifacts that may be utilized to violate the explicit or implied operational characteristics of ...
Read full story
-
Thursday, August 14, 2008
ACS Cyber Security Conference Wrap-up
Dr. Nate Kube and myself attended the Applied Control Solutions Conference last week in Chicago, and it was an interesting event to say the least. Joe Weiss, the organizer of this event, has always done well with a “central theme” in such events, and this year was no exception.
Initial Impressions:
The conference opened with a video presentation from US Congressman Langevin, and it is clear that the issue of SCADA and control systems security are an important issue to him and the US Government. See the video hereI was surprised at the number of IT folks there, from a ...
Read full story
-
Wednesday, July 23, 2008
Next Rounds for NERC CIP Approaching - What Does it Mean for Industry?
The nomination window for the next NERC CIP drafting team has opened, and nominations are due on 7/28/2008, link is available here. This effort comes hot on the heels of the SAR comment team’s completion of the comment review from the last round of the NERC CIP documents. Further it represents a critical and important next step in the evolution of the NERC CIP documents and for the general security protection requirements and regulatory efforts for North American bulk power systems protection from cyber security events.
There is a lot of good news in this, and some items that ...
Read full story
-
Thursday, July 17, 2008
Wurldtech Continues its Tradition of Innovation at PCSF: Dr. Kube to Present AchillesINSIDE
Building on last year’s PCSF event in Atlanta, GA where we unveiled the Achilles Certification Program, we are set for another introduction at this year’s event in La Jolla, CA (August 26-28, 2008). Dr. Nate Kube will present AchillesINSIDE, one of this year’s most anticipated solutions from Wurldtech Labs. Should be another fantastic event! Topic: AchillesINSIDE – Intelligent Cyber Security and Risk Management for Industrial Environments Presenter: Dr. Nate Kube, CTO, Wurldtech Security Technologies, Inc. Time: Wednesday, August 27th About the PCSF 2008 Annual Meeting:
End-user involvement in collaborating towards advances in control system cyber security policy, practices, standards, tools, ...
Read full story