klaus.bender@utc.org's blog

user warning: Unknown column 'type' in 'field list' query: SELECT module, type FROM captcha_points WHERE form_id = 'search_block_form' in /home/insighto/public_html/sites/all/modules/111captcha1/captcha.inc on line 55.

ICS-CERT Issues Alert on Attacks on SCADA Systems

The Industrial Control System Cyber Emergency Response Team (ICS-CERT) has issued an alert on February 3, 2012, concerning SSH scanning activity that is targeting control systems. The agency states that this Alert is being issued  to inform critical infrastructure and key resource (CIKR) asset owners and operators of recent and ongoing activity involving secure shell(SSH), a scanning of Internet facing control systems.

As recently as this week, ICS-CERT received a report from an electric utility experiencing unsuccessful brute force activity against their networks. The full alert is available for review here.

NERC CIP Version 5 Fails to Pass First Vote

Version 5 of the NERC Critical Infrastructure Protection (CIP) was released for comment and vote in December. The results of the voting have been released and the standard updates failed to receive the necessary votes to pass. The voting results can be viewed and downloaded here.

Honeywell's Tom Alrich, who has been working closely with this process, commented, "The only positive vote of greater than 40% was for the implementation plan. CIP-003 and CIP-008 got between 30 and 40% positive votes. Everything else got under 30% positive. In addition, participation was quite high - over 90% for each ballot." Mr. Alrich notes that the Standard Development Team is working on changes that will increase the likelihood of ratification in the next vote. 

Version 3 of the NERC CIP standards are in place now, with version 4 approved and waiting implementation. Some industry professionals hoped that version 5 would be approved quickly so that implementation of procedures to comply with version 4 would not be necessary. The failed vote brings this possibility in question. 

SGIP Release Revised Testing Procedures

The NIST Smart Grid Interoperability Panel (SGIP)has released version two of its Interoperability Process Reference Manual, with a guide to the process by which test laboratories and certifying organizations are accredited for evaluation of Smart Grid products. Utilities that are interested in smart grid interoperability testing, and the procedures recommended by NIST, should download the document as a reference.

Read more »

Industry Association Considers Creation of a Green Button Support Group

The UCA International Users Group is considering the creation of a community to support the "green button" initiative that is supported by the White House (see related Insight article). According to Erich Gunther, UCA International chairman, the White House Office of Science and Technology Policy Green Button initiative is moving forward very quickly.

Gunther stated that the Green Button is at once a concept, a policy, a brand and a collection of technologies and creates both opportunities and challenges for utilities and their customers. UCA will likely vote next week to move forward with the creation of a Green Button support mechanism. Those utilities interested in participating should contact UCA International or Klaus Bender at UTC. You will be provided relevant information when it is available.

Interim Version 4.0.1 of the Cyber Security Evaluation Tool Released

The Department of Homeland Security (DHS) Control Systems Security Program (CSSP) has released an interim Version 4.0.1 of the Cyber Security Evaluation Tool (CSET). This new version of the tool can be downloaded from the CSSP website:


This interim Version 4.0.1 release addresses some minor issues identified in report formatting and corrects a problem with Zone Security Assurance Level (SAL) calculations. In addition, this release incorporates a new sub-report to isolate and show user comments in a single location, includes modifications to clarify how firewall analysis is performed, and improves the gap analysis for pass/fail standards.


Draft SGIP Document on Security Assessment is Released

In an email to the National Institute of Standards and Technology's (NIST) Smart Grid Cybersecurity Working Group (CSWG), it was announced that the CSWG Testing and Certification subgroup has completed the draft SGIP document, “Guide for Assessing the High-Level Security Requirements in NISTIR 7628, Guidelines for Smart Grid Cyber Security.” The document provides a foundation to facilitate a security assessment based on the NISTIR 7628 high-level security requirements. The agency released the smart grid security guidelines in the NISTIR 7628 document in 2010, but some utilities have struggled with using the document in order to create real world security policies. This guide is written to provide a foundation to facilitate a security assessment based on the NISTIR 7628 high-level security requirements implemented within an effective risk management program. Read more »

Industrial Controls Group Releases Version 3 of the Cybersecurity Roadmap

The Industrial Control Systems Joint Working Group (ICSJWG) has created a consolidated document; a sector independent roadmap. This Cross-Sector Roadmap was conceived and developed over the last two years by industry and government thought leaders that saw the need for a unifying Roadmap to secure control systems across all critical sectors. Version 3 of the consolidated roadmaps is available for download. The document aids entities in creating a cybersecurity plan that incorporates the unique environment of control systems. The document is an excellent addition to a utility’s cybersecurity reference library and is available here.
  Read more »

NERC Issues New CIP 5 Standards and Implementation Plan For Comment

In a recent announcement, the North American Electric Reliability Corporation (NERC) has published ten CIP standards (CIP-002-5 through CIP-009-5, CIP-010-1, and CIP-011-1), a set of new and revised NERC Glossary definitions, and a proposed implementation plan. The documents have been posted on the NERC website for a formal 60-day comment period through Friday, January 6, 2012, which will be accepted via an electronic form. The implementation plan, also called the mapping document, identifies each requirement in the already-approved Version 4 CIP standards and identifies how the requirement has been treated in the Version 5 CIP standards. For more information, click here.


NESCO Completes Cybersecurity Review of SEP 1.0 and 1.1

The National Electric Sector Cybersecurity Organization Resource (NESCOR) technical working group (TWG) has created a sub-group to specifically address the first two versions of the ZigBee Smart Energy Profiles (SEP) - SEP 1.0 and 1.1. The Zigbee Smart Energy Profile (SEP) allows smart utility meters to communicate with home areas network (HAN) devices in order to provide price signals and other information that allows consumers to control their energy expenditures.

The SEP is being updated to version 2.0 to allow power line carrier, WiFi and other communications architectures. However, there is a large deployed base of version 1.0-era devices. There have been industry concerns about cybersecurity vulnerabilities of the 1.0-era devices. To assist utilities, regulators, and integrators who are deploying and configuring SEP 1.x in field devices and to address these concerns, NESCOR, the Cyber Security Working Group (CSWG), and other experts have developed a technical white paper to provide guidance on the use of both profiles. That white paper is available here.

DHS Under-Secretary Comments on Control Systems

Gregory Schaeffer, Acting Deputy Under Secretary, National Protection and Program Directorate, DHS, was one of the keynote speakers at the Industrial Control System Joint Working Group (ICSJWG) meeting held October 24th through the 26th in Long Beach, CA. He noted that ICSJWG offers an opportunity for the control system industry to catch up with security. Control system technology has “outrun its headlights” with respect to cybersecurity. He remarked that cybersecurity today touches everything and we need to treat it holistically. Further, the environment has changed since the 1990’s when the issue first arose. He said, "We are now worried about cybercrime. This problem evolved so rapidly and thoroughly, this area of crime is now far more lucrative than even the narcotics trade. In the last several years, hacking to get information and money has evolved into hacking for intellectual property. Vast amounts of information, both in the private and public sector, is being syphoned into the wrong hands. Identity theft is still a problem."
  Read more »

Syndicate content



UTC Member Tweets