Skip NERC CIP version 4 and go straight to version 5

Posted on April 18, 2013 by Joe Malenfant

On April 18th, 2013 FERC held a meeting in which it heard from NERC regarding the proposed Critical Infrastructure Protection version 5 standards. The committee voted to skip version 4 and move straight to version 5, and the recently issued Presidential executive order on critical infrastructure cyber security appeared to largely be the driving force behind the rapid movement. Some of the major changes for version 5 include: New risk-based tiered classification system for cyber assets: High, Me << More >>

Distributech wrap up

Posted on February 1, 2013 by Joe Malenfant

While the focus of Distributech is the distribution component of utilities, the discussions spanned the “Smart Grid” gamut. Demand response, advanced metering infrastructure (AMI), distribution management systems, clean energy production, and securing the grid were some of the highlights of the opening keynote presentations. It’s no secret there is demand on the grid like never before. The last 10 years have provided technological advancements that are putting the need for demand response << More >>

Red October: 3 mitigation strategies, and the need for cybersecurity basics

Posted on January 15, 2013 by Joe Malenfant

If you didn’t catch the Kaspersky report on Red October, check it out here. Their map shows just how wide spread it was. There will certainly be a thorough dissection of the malware over the coming weeks. While Red October didn’t specifically affecting industrial control systems the oil and gas infrastructure that has been known to be targeted is in UAE, Russia, Azerbaijan and Turkmenistan. What it is though is a good lesson in overall security basics and best practices. It really highlights << More >>

2 Key takeaways from the 2012 SANS SCADA & PCS Summit

Posted on February 6, 2012 by Joe Malenfant

The last couple weeks have been incredibly exciting for Industrial Defender! First, at the SANS SCADA & PCS Summit on January 24th we launched our next generation technology, Automation Systems Manager that unifies security, compliance, and change management activities through a single pane of glass. Second, on the heels of the launch we were ranked the #1 Smart Grid security provider by Pike Research, a great accolade on its own. The SANS SCADA & PCS summit is a chance for those of << More >>

Time for a Unified Approach to Security, Compliance and Change Management

Posted on January 11, 2012 by Joe Malenfant

For ICS and automation system professionals, there’s a new, must-read report from Pike Research, the clean tech market research people. Convergence in Automation Systems Protection was written by Pike senior analyst and cyber security expert, Bob Lockhart. It looks at the changing dynamics in the automation systems market, including technology, regulatory and business trends. The report details how these factors are reshaping the needs and requirements of organizations with major automation sy << More >>

The balancing act: Operations, Security, and Compliance

Posted on December 19, 2011 by Joe Malenfant

On December 14, 2011 Industrial Defender posted results of a global survey of ICS professionals. Lots of great data points, but ultimately what does it mean? I think it clearly points to a shifting of the tide; both ICS and IT professionals are feeling similar burdens, which can simply be characterized as “do more with less.” Not that this is a big secret, but the last few years have put quite the strain on companies globally, not just here in the US. Looking at the Bureau of Labor << More >>

Dreaming of being secure

Posted on November 30, 2011 by Joe Malenfant

In the last few months there have either been an increased number of attacks on critical infrastructures, or increased media attention to the few that have occurred. Either way, when the spotlight is pointed in your direction, you have to be ready for the attention. Do you need to worry about Duqu, Stuxnet or any attack that steals intellectual property? Although many would agree the probability of a nation state cyber-attack is low, I wear my seatbelt on the way to work because if somethi << More >>

Duqu: ICS experts weigh in on protecting against zero-day threats – Oct. 25, 2011 Webcast

Posted on October 24, 2011 by Joe Malenfant

On October 18, 2011, ICS-CERT issued an advisory related to the discovery of new malware – W32.Duqu – targeting industrial control systems. One year after revelations of Stuxnet came to light, the emergence of Duqu points to the continued need for vigilance in protecting critical infrastructure. What does Duqu – and future zero-day threats – mean to your organization? Join an interactive panel discussion with experts from Industrial Defender, Red Tiger Security and The SCADAhacker on Tue << More >>

ICS Perspectives

Author Archives: Joe Malenfant