Tuesday, September 14, 2010

ID Looks at Stuxnet and CFATS

One of the blogs on my blogroll that I watch closely is the From the Field blog by the folks at Industrial Defender. They (along with Digital Bond) cover industrial control system security issues in language and detail that I can follow. Today I have to especially direct my readers to an excellent article on From the Field by Andrew Ginter that specifically addresses CFATS issues; Stuxnet vs CFATS and NERC-CIP.

Andrew does a good job of explaining how a CFATS compliant facility probably would not have been able to prevent their control system from being infected by the Stuxnet Worm. Anyone that is responsible for industrial control system security issues (and especially those at high-risk facilities) certainly need to spend some time reviewing Andrew’s blog and figuring out how it fits in with the cyber security plan for your facility.

I’ll leave this post at that. If I try to explain what Andrew explains, I’ll certainly screw it up and just get you confused; read Andrews post.

No comments:

/* Use this with templates/template-twocol.html */