Blog

  • Security Theater – Transit Police try to enhance the “perception” of security for SkyTrain riders.

    I was thinking back to my last visit to Vancouver and contemplating an article I read in the Metro newspaper… an article on security that caught my eye. It seems that the Transit Police are involved in Security Theater. I am not suggesting that they don’t take security seriously, but I believe they are missing something very important. While cleaning up the transit stations and getting rid of the aggressive panhandlers, drug addicts, and garbage is a good thing (Vancouver Transit Police now carry arms), what about the systems that control the SkyTrain? How easy would it be to hack ...

    Read full story

  • The Answer – One More Than You Have

    I attended the West Coast Security Forum (WCSF) during the first week of December and I must share with you a major advancement in my understanding of layered defense strategies. I have attended many conferences and I am always looking for that nugget of truth that I can walk away with and apply to my work. Well, the WCSF did not let me down. From an anonymous voice in the crowd I heard that sage advice that we all seek. I asked the audience: when using a layered defense strategy, how many layers of defense are enough? The first response ...

    Read full story

  • Critical Infrastructure Protection and the Vancouver Olympics

    Reportedly, security for the 2002 Salt Lake City games cost $1.3 billion, the 2004 Athens games were $1.5 billion, and the estimated cost for the 2012 London games is probably going over the $2 billion mark. So, it shouldn’t be a surprise that security for the Vancouver Olympic games may approach or exceed $1 billion. However, in all the above security budget increases, how much attention was or is being paid to keeping the lights on? What about keeping the oil and natural gas flowing? What about the water supply? The common thread in these critical infrastructure issues are ...

    Read full story

  • Who Turned Out the Lights? Applying Risk Management in the Age of Critical Infrastructure Protection – A Bottom-Up Approach

    In today’s digitally connected world, there is little doubt that cyber threats against the industrial networks that operate our global critical infrastructures have grown more prevalent and sophisticated. This disturbing trend poses both a criminal and national security threat and has raised the need for governments, industry regulators and private sector organizations to search for ways to implement more effective cyber risk management strategies to protect the SCADA and Industrial Control Systems (ICS) that operate mission-critical infrastructures such as power, nuclear, oil and gas, water and sewage treatment. Without an effective risk management strategy in place, operators of critical infrastructures ...

    Read full story

  • Technical Difficulties Affect Us All

    To Wurldtech Blog Readers: Well, it seems our hosting provider’s web server died over the weekend (no, we weren’t hacked) so we experienced some technical difficulties. Unfortunately, all data posted from September 2008 to present day has been lost. Fortunately, I have all our content backed up on my computer. So, please excuse the fact that the following posts are stamped with today’s date as opposed to their original posting date. If you posted a comment, please feel free to do so again. Sorry for the inconvenience and thanks for your patience and support. - Steve

    Read full story

  • IEEE PES - PSRC Insights

    I had the opportunity this week to sit in on several IEEE PES working group meetings while attending the Power System Relaying Committee meeting here in Vancouver, Canada. I attended sessions on the reliability of networked devices and network infrastructure in power substations, and on architectures for SCADA security. I have a couple of impressions based on what was discussed: There is quite a bit of uncertainty in the industry around security issues. For some operators, not seeing a clear direction for security measures in order to meet NERC-CIP has led them to disable some communications channels rather than try ...

    Read full story

  • On Vulnerability Disclosure

    This year’s PCSF saw many productive discussions on the topic of responsible vulnerability disclosure (big hat tip to Zach and Mike who managed to keep the conversations from reducing to a bun fight). I want to take a moment to further detail a few of my own opinions on this subject matter. Let me begin with a somewhat pragmatic definition of device vulnerabilities: Device Vulnerabilities (I wonder if this is where Tipping Point’s DVlabs name stemmed from) can be thought of as software, hardware, or requirements artifacts that may be utilized to violate the explicit or implied operational characteristics of ...

    Read full story

  • Calling All White Hats! Hack This!

    Who doesn’t like a good challenge? Especially when it can lead to bragging rights… or better yet, a career with a growing company that not only compensates for your skills and talents but offers tremendous upside potential, not to mention a rewarding career… Introducing our “Hack This” challenge, which is the first in a series of different challenges, games, and assessment tools we’ll have on our website to test your skills (in hacking, coding, logic, assessments… in short, all things related to industrial cyber-security, cyber-risk and compliance) and get on our radar! We’re always on the lookout for the next ...

    Read full story

  • ACS Cyber Security Conference Wrap-up

    Dr. Nate Kube and I attended the Applied Control Solutions Conference last week in Chicago, and it was an interesting event to say the least. Joe Weiss, the organizer of this event, has always done well with a “central theme” in such events, and this year was no exception. Initial Impressions: The conference opened with a video presentation from US Congressman Langevin, and it is clear that the issue of SCADA and control systems security is an important issue to him and the US Government. See the video here. I was surprised at the number of IT folks there, from a ...

    Read full story

  • Safety Demo at This Week’s ACS Conference in Chicago

    If you are familiar with safety and SIL as defined in ISA-84 and IEC61508, then you are also aware that when a process engineer considers the “safety” of a given component, they are usually considering only the potential for random hardware faults in such a component, and the reliability or likelihood of the safety components to be able to maintain a safe state of the operating equipment. They do not address, explicitly, systematic faults related to software, security issues, etc., as these were generally considered to be too difficult to predict. It is a generally well known and accepted position ...

    Read full story
