Blog Posts Tagged with "NERC CIP"
The "Compliance Society"
July 23, 2012 Added by:Bob Radvanovsky
I am quickly growing weary of the fact that individuals claiming to be "cybersecurity" or "critical infrastructure" subject-matter experts (or "SMEs"), are indicating that adherence to a regulatory requirement or compliance governance means that something is "secured". Let's get one thing straight...
Comments (5)
Companies Focus on Growth But Lag Behind Threats
June 20, 2012 Added by:Bob Radvanovsky
Industries that are regulated or that have to adhere to a standard feel that if they simply follow the requirements that they are secured. This is a misnomer, as adherence to a regulation, governance or compliance standard is a good start, but it does not necessarily mean that an organization is "secure"...
Comments (0)
The Need for Improved Critical Infrastructure Protection
June 13, 2012 Added by:William Mcborrough
Tackling the problem of critical infrastructure protection will take concerted efforts from the public and private sectors. An appropriate governance structure is needed to avoid the inevitable over-reaction that will follow the inevitable catastrophic attack against our critical infrastructure...
Comments (4)
Smart Grid Security, Challenges and Change
May 08, 2012 Added by:Larry Karisny
The cost and time of trying to become compliant with guidelines and standards will put smart-grid security years off before it can achieve any security solutions. There must be a way out of what people in the security business are now calling the "smart grid security circus"...
Comments (0)
Are ICS Vendors Really to Blame for Insecure Systems?
April 27, 2012 Added by:Joe Weiss
The implication is that vendors aren’t interested in securing their legacy products. I do know that many ICS vendors supporting the electric industry are frustrated because the utilities may not be required to actually secure these systems to be NERC CIP compliant...
Comments (0)
Are DOE and DHS Helping to Secure the Infrastructure or Not?
March 08, 2012 Added by:Joe Weiss
DOE and the utilities are in an effort to secure the Grid. Yet the utilities voted down Version 5 of the NERC CIPs. Many of the devices that have been demonstrated to be vulnerable would not be addressed by NERC. Who is responsible for protecting critical infrastructure?
Comments (0)
AlienVault Releases SCADA SIEM for Critical Infrastructure
May 31, 2011 Added by:Headlines
"We have a solution that can address the security and compliance needs of customers in process control industries including electric power utilities, public works and oil & gas. You just cannot get that level of capability, reliability and integration with legacy IT or ICS solutions..."
Comments (0)
Debriefing: NERC CIP 011 Standards
March 31, 2011 Added by:Ron Lepofsky
The standards have been recently filed with FERC for approval for the US and with a variety of Canadian provincial authorities. To assist on CIP developments directly from the NERC site, I'm providing a navigation guide to get you directly to where you need to go...
Comments (3)
Do You Know About Heavyweight NERC CIP 011-1?
March 13, 2011 Added by:Ron Lepofsky
Electrical utilities are already challenged with the process of becoming certified for compliance with the NERC CIP standard for IT security. The NERC CIP standard is evolving, thank goodness. Perhaps you haven’t noticed the innocuous sounding proposed new standard now in the creation process...
Comments (2)
What’s the Threat? Smart Grid or Dazed Defenders
February 21, 2011 Added by:Ron Lepofsky
NERC CIP standards are written expressly for electrical utilities. If rigorously deployed they are a material step towards security. A more comprehensive set of security control within COBIT, upon which IT SOX compliance is based, should be considered for hardening the electrical grid...
Comments (0)
- Privilege Escalation Flaws Impact Wacom Update Helper
- Answering Tough Questions About Network Metadata and Zeek
- Qakbot Trojan Updates Persistence, Evasion Mechanism
- Flaws in D-Link Cloud Camera Expose Video Streams
- SOAR: Doing More with Less
- Gaining Control of Security and Privacy to Protect IoT Data
- Growing Reliance on Digital Connectivity Amplifies Existing Risks, Creates New Ones
- How Microsegmentation Helps to Keep Your Network Security Watertight
- Through the Executive Lens: Prioritizing Application Security Vulnerabilities
- Next Generation Firewalls are Old News in the Cloud