-
Friday, February 22, 2008
Much Ado about Risk Analysis
Joe Weiss recently commented over on his blog, and in the public ISA-99 email lists about his theories about risk analysis for control systems. He makes some salient points, namely that there is not enough statistical data out there, nor likely will there be, to create risk projections. While I agree with the general criticism of the risk projections for control systems, it is clear to me based on previous experience that this is not a problem unique to the control systems space.
I posted a more extended version of this to the ISA-99 list, but would be worth ...
Read full story
-
Sunday, February 17, 2008
Random Musings from a Proud CEO
This BLOG has been an excellent way to get our message out to the world and enabled some of the best minds in the industrial cyber security space to share their insights and experiences and further contribute to the collective knowledge-base the industry so desperately needs.
This medium also affords me the opportunity to connect directly with our clients, friends, investors and staff to share in what I feel has been one of the most amazing success stories of my career to date. With that in mind, I wish to share a small story.
Let me preface this with a ...
Read full story
-
Friday, February 15, 2008
The Value of Industrial Aware Tools in Security Assessments
“You Mean I have to Do My Assessment Again?” No one wants to be asked that question, but it is one being increasingly asked more often today. Many companies have completed vulnerability assessments of their process control environments, and some action taken. But as the industry continues to become more aware, and standards efforts such as ISA-99, NERC CIP, and NIST 800-53 take hold in industry, many are again scratching their heads to understand if they uncovered enough of the cyber risks to the organization.
“Turn off all these unauthorized ports, patch your systems, put virus protection on everything.” “Let’s ...
Read full story
-
Monday, February 11, 2008
Calling Out To Security Professionals - Wurldtech Is Hiring
To help support our growth plans in the US and Europe, we are looking for qualified individuals to join our team. At this time, we are looking for software developers and security engineers from various disciplines who have the talent, skill and determination to help take our Achilles solutions to the next level.
To learn more about what it takes to be part of the Wurldtech team, check out Manufacturing Automation Magazine’s latest edition (pg. 14) to read a profile on one of our Network Security Specialists, Frank Marcus. Go to www.automationmag.com to see the entire issue. To learn more ...
Read full story
-
Tuesday, February 05, 2008
Is 2008 the Event Horizon Year for Industrial Security?
Several events have occurred since the beginning of the year that vendors and asset owners should be looking at: CIA Announcement of Successful Power Grid Attacks Outside of the US. While I have problems with the admission, the important note is that the CIA DID admit the penetrations NERC CIP accepted as is by FERC NERC CIP version 2 expected to start this year First rounds of NERC CIP compliance Due in 2008 ISA Security Compliance Institute Stands up (this has been in place for a while but 2008 will prove to be the big kickoff year, I suspect) Availability ...
Read full story
-
Friday, February 01, 2008
Why Testing I/O Matters…
Industrial Users: If you aren’t testing the I/O, you aren’t testing the device!
We know that one of the unique benefits of Achilles testing is its ability to test the functions available on I/O. When a square wave is no longer a square wave, the devices connected to a process control asset can no longer be expected to perform as designed. It is a unique value proposition of this tool, but some may question whether or not it is necessary.
Discerning industrial users and suppliers already have robust testing methodologies in place that test functionality, but device resiliency from a ...
Read full story