Control Systems Security Certification

Control Systems Security continues to look for validation of what knowledge, skills and abilities qualify individuals to secure our critical infrastructure. If you try to take the path of NICE (http://csrc.nist.gov/nice/framework/), it does not work. NICE, GIAC and the DHS have trouble defining the true skill set. Developing the workforce to provide a comprehensive cyber security posture is a daunting task. One thing to keep in mind is that Industrial Control Systems are decades old, and the technical awareness needed to secure these systems spans generations of Automation Specialists. I agree that some progress is better than nothing, but it is not even close to addressing the actual gaps in our workforce.

Langner releases RIPE framework, chastises the industry for negligence

Just as NIST released a draft of the U.S. government’s Cyber Security Framework (PDF) for industrial control systems (ICS), Ralph Langner responded with his proposed RIPE framework, which he says is a better fit for Control Systems. Many critical infrastructure operators are looking for answers on where to start understanding ICS security. The NIST framework is designed to outline a core structure, including a user’s guide and an executive overview that describes the purpose, need and application of the drafted framework in critical infrastructure control system environments. NIST has reflected comments that emphasized the importance of executive involvement in managing cyber risks: “the framework is designed to help business leaders evaluate how prepared their organizations are to deal with cyber threats and their impacts.” – NIST

Community oversight in Industrial Control System Security

Anyone who watches the news knows that there is an enormous number of vulnerabilities within the Industrial Control Systems (ICS) industry and that the market is inundated with problems. The White House has issued an executive order and subsequently PPD-12 to address the need for Critical Infrastructure Security. The overarching problem is that ICS systems are focused on reliable real-time information, with redundant hardware to prevent data loss or mitigate equipment failure. This core design paradigm essentially negates security at all levels. Now, with the changing landscape of the ICS world, the focus is split between the needed legislation, hardware manufacturers and asset owners.
