-
Monday, January 28, 2008
Services: Half or Whole?
Many companies today offer cyber security services. With the veritable smattering of assessment services, red-team services, network design, NERC CIP (the list goes on), companies can quickly find that ordering services can be about as complex as ordering your favorite coffee at your favorite chain coffee store. The question that MUST be asked is, “are you getting FULL value for your money?”
In a recent evaluation, we were called in after a NERC CIP compliance report had previously been generated. Given that this report was executed many months ago, the company had already started taking a number of key steps towards ...
-
Thursday, January 24, 2008
Safety SIL and Security
As mentioned in a previous post, Dr. Nate Kube and I recently created a paper for the Digital Bond S4 conference in Miami on Security Assurance Levels. Our approach was to look at SIL and compare where the various strengths of SIL versus SAL exist. In short, we found that significant overlap does exist, but there are a number of key areas that require additional attention. Rather than re-write the whole paper here, please email skim@wurldtech.com to get your copy.
-
Wednesday, January 23, 2008
Wurldtech and SANS SCADA Summit 2008
Last week, we had the opportunity to attend the SANS SCADA 2008 Summit in New Orleans. As my first trip to New Orleans since Katrina, I felt like so much of what we were hearing was overshadowed by the utter failure to properly handle disaster recovery in this city. Today, much of the city still is vacated, businesses boarded up, houses empty, and little being done in many areas to rebuild. Such a shame.
The summit, however, was a decent enough event. Attendance was high with lots of government and asset owners. While it would still be nice to see ...
-
Tuesday, January 22, 2008
Bryan Singer Appears on Homeland Security Inside & Out
On January 22, 2008, our very own Bryan Singer appeared on the radio show, Homeland Security Inside & Out. Joining co-hosts Randy Larsen and Dave McIntyre, Bryan discusses the issue of cyber-security standards for industrial technology, automation and control systems.
Other guests include: Ellen Nakashima of the Washington Post; Matt Harwood of Security Management Magazine; Robbie Diamond of Securing America’s Future Energy; Dr. Starnes Walker of the Science & Technology Directorate at DHS; and Kay Goss of SRA International.
To listen to Bryan’s interview and/or listen to the complete show, please visit: http://homestation.typepad.com/hlsinsideandout/2008/01/tuesday-janua-2.html.
- Steve
-
Saturday, January 12, 2008
Play it Safe AND Secure
In a couple of weeks, we’ll be at the Digital Bond S4 Conference in Miami. Here’s the agenda.
I have the privilege this year of presenting two papers. In the first, which Dr. Nate Kube and I created, we take an analytical look at Safety Integrity Levels (SIL) and make a comparative analysis of what a Security Assurance Level (SAL) might look like. It’s a think piece, and we certainly have a ways to go, but a number of us in industry have started to question what a security level system would look like. The second paper is one that ...
-
Monday, January 07, 2008
Industrial Cyber Security for the New Year
Let this be a lesson… Cyber security is not just about malicious hackers and crackers. We often say this, carelessly throwing the term around while the pundits nod their heads yes in passive acceptance. But what does this really mean? The terms “malicious” and “unintentional” are batted around in a fashion likened to security buzz-word volleyball. It is not merely enough to be buzz-word compliant; security is a discipline which we must live or adhere to. I have given countless talks in the past few years, and I often define security as “any negative event that can cause an ...