Sloppy security policies are leaving even large energy companies vulnerable to cyberattacks routed through their subcontractors, according to a report released Wednesday by Houston-based security firm Alert Logic. While the largest companies in the energy industry have taken steps to protect themselves from intruders, they have failed to insist on the same vigilance from their […]
Thoughts from Defcon
By Jack Whitsitt Since I returned from the yearly hacking & security mega-conference Defcon (and the less well known, but perhaps more interesting, Bsides Las Vegas) last month, I’ve been asked on several occasions to comment on the various control systems specific talks. The truth is, I only went to one or two. This is […]
In classified cyberwar against Iran, trail of Stuxnet leak leads to White House | Washington Times
Mr. Sanger wrote a June 1, 2012, article on Stuxnet that was adapted from his book, which debuted later that week. In the story, he quoted “participants” in White House meetings on whether to continue attacking Iran with Stuxnet, which somehow had broken free into the Internet.“ At a tense meeting in the White House […]
Industrial Security: The Beltway Bandits and Cybersecurity | CONTROL
“Just when it seemed as though we were finally getting people at the top of corporations and government to listen about the differences between IT and industrial control system ICS security, the Obama Administrations executive order mandating improved cybersecurity for critical infrastructure seems to have taken us all back five years. What do I mean? […]
Thoughts from a SCADA Engineer By Chris Sistrunk, PE
“Engineering isn’t about perfect solutions; it’s about doing the best you can with limited resources.” ― Randy Pausch, The Last Lecture A little background on myself, I have been an Engineer for Entergy for 10 years, 8 of which have been involved with the T&D SCADA system. I started with maintaining the SCADA master database, building operator […]
Read More 3 Comments
Tom Alrich’s Blog: My (Final) Fantasy CIP-002-5
“I recently wrote my longest post so far, describing how I would rewrite Version 5 of CIP-002 to change what I see as fatal imprecision in the language of that standard. However, I decided to leave part of the required changes for another post, since I wanted to think about them a little more before writing it. Here is […]
Public Utility Commission of Ohio’s Thomas Pearce on “Cybersecurity and Regulators”
As we all know, debate remains ongoing in our nation’s capital,, and increasingly in state capitals around the country regarding cybersecurity. Leading the charge is the recent Executive Order along with its companion Presidential Policy Directive. Despite relative inaction in getting federal legislation signed into law, I can tell you that there is on-going and […]
Read More 0 Comments
Cyber Threats and Security Solutions Congressional Hearing
On Tuesday, May 21, 2013 the Committee on EnergySec and Commerce held a hearing focused on cyber threats and security solutions in critical infrastructure. Much of the discussion was focused on the electric grid. For those who may have missed the hearing, here is the video and a link to the background notice. Background notice: http://grids.ec/securityhearing
How to Hack a Nations Infrastructure | BBC News
Its a small, busy place and is doing a good trade in tea, coffee and cakes. That woman has dropped some money. A child is running around. Later, another customer thinks they have got the wrong change. Nothing too gripping, you might think, except that the feed should be private, seen only by the cafes […]
Power companies present cybersecurity gaps | USA Today
The U.S. militarys top cybercommander said some of the nations utility companies have lagged in investing in network security, raising concerns about the vulnerability of the nations critical infrastructure. “The power industry has a wide scale, from companies that are very good to companies that need a lot of work and a lot of help,” […]
Read More 0 Comments
1 2 … 20 Next →
