-
Sunday, March 22, 2009
Doesn’t Cyber Security Deserve a Stimulus?
I just returned from a meeting where I was invited to speak. The event was called The Infrastructure Modernization Initiative: Homeland Security Implications and Challenges and was hosted by the Center for Homeland Defense and Security (CDHS https://www.chds.us/?home) at the Naval Postgraduate School (NPS) in Monterey. There was a multidisciplinary group representing critical infrastructure from police to fire fighters, physical security, and of course cyber security as well as control systems security.
I would describe the overall feeling as upbeat but concerned. They are upbeat because critical infrastructure is finally getting some badly needed attention. The concern stems from ...
Read full story
-
Sunday, March 22, 2009
Will NERC-CIP Save The Day
Initially, I wondered about the value of the NERC-CIP standard (http://www.nerc.com/page.php?cid=2|20) that allowed me to opt-out by not defining any of my assets as critical cyber assets (CCA). Furthermore, defining the electronic security perimeter (ESP) is another challenge because if you touch the Internet anywhere you can be touched from anywhere. So, in some sense, you have no perimeter. In my simple way of thinking about these things it seems the only real perimeter is an air gap. However, the process is maturing and companies are developing clear, defensible, and documented processes for defining CCAs and ESPs.
Obviously, ...
Read full story