Yeah, I am on vacation this week, but I am still watching the news and my information sources. To keep the wife happy, I will not be writing any in depth articles (well not many….), but I will publish this short note to point at potential items of interest. No Public ICS Disclosure post tomorrow.
How Resilient is the Natural Gas Grid? Interesting article looking at the control processes for natural gas pipeline systems. Pull quote: “The natural gas grid really is largely self-powered and engineered to keep on working no matter what.” No discussion about cyber vulnerabilities but does point out the critical systems that could be attacked to stop gas flow.
Democrats clash over Manchin side deal, raising shutdown risk. It’s August and the annual government shutdown talk is in full swing – This article looks at one potential controversy that has to be resolved for at least one continuing resolution (CR) can be passed before October 1st. Unfortunately, it is not the only one.
Understanding The South Staffs Water Cyber Attack. Another water system attack article that shows exposure of water processing control systems. Pull quote: “Keep in mind that had they decided to, the attackers could have caused tremendous physical and financial damage, including loss of life.” Does not look at non-cyber systems that should be in place to prevent distribution of tainted water.
Operators of chemical facilities will follow those of electric utilities, gas pipelines and water treatment plants in being asked to facilitate visibility into their systems. Another look at brief discussion about a potential chemical cybersecurity sprint. Pull quote: “The NIST CSF, as it’s called, allows operators to choose which controls they implement based on the amount of risk they’re willing to accept.” Where physical risk to public exists (such as at many chemical facilities), perhaps someone other than company should be making the acceptable risk decision; see the CFATS program.
DHS rulemakings of concern currently under OMB review (oldest submissions first):
• Vetting of Certain Surface
Transportation Employees - 1652-AA69,
• Request for Information on the
Cyber Incident Reporting for Critical Infrastructure Act of 2022 - 1670-ZA00,
• TWIC--Reader Requirements; Second
Delay of Effective Date - 1625-AC80,
• Homeland Security Acquisition
Regulation: Safeguarding of Controlled Unclassified Information (HSAR Case
2015-001) - 1601-AA76
Posts
No comments:
Post a Comment