Saturday, November 16, 2013

Short Takes – 11-16-13

It has been a very busy week at work, so much so that the day-job expanded well into the evening and early-morning hours as well. Here are some brief looks at some of the topics that I might have discussed if more time had been available.

CFATS Delays

While the CFATS program has been back up and running for a month now since the federal funding fiasco ended, they have still not published some things that probably should have been published well before the FFF. These include the presentations from the 2013 CSSS and the 30-day PSP ICR notice. There are also some short-term late postings that are of concern, including the stats for the abbreviated October site security plan process and the list of chemicals that might be added to the DHS chemicals of interest list (required by the Chemical Safety and Security EO). It would also have been nice to see a public statement about the recent comparison of the Top Screen list and the EPA’s RMP list to find unreported chemical facilities.


There have been a couple of interesting running debates in the cybersecurity press and blogosphere. Most are more technical than I am willing to wade into with my opinions, but they really need to be expanded to the non-technical press because they potentially have important consequences in the public realm. One concerns the actual consequences of exploits of the DNP3 vulnerabilities that I have discussed here. Another is the perennial debate about whether we should concentrate our cybersecurity improvement efforts at the device level or at the perimeter.

Cybersecurity Legislation

There has been mention in the mainstream press for about a month now about the imminent offering of several bits of cybersecurity legislation in both houses of Congress. Nothing has been offered yet. While Congress is unlikely to pass anything this year or next, the offering of the legislation would prompt further detailed discussions.

Cybersecurity Framework

I have been unwilling to get into a detailed discussion about the details of the published Cybersecurity Framework because I think the document is largely a waste of paper. There has been an interesting Twittversation (Tweets take less time than blogs, follow me @PJCoyle) on the topic that I have been part of (see #NISTCSF).

Back to Normal

It looks like work is back to a 10 to 11 hour day, so there should be more time for the blog. I still might get a chance to discuss the above topics in more detail as other news allows.

