New cyber security blog tackles DCS, SCADA vulnerabilities

Consultants Matt Luallen and Steve Hamburg take questions and facilitate discussion.“The reality is that securing control systems is an incredible challenge, and the threats are expanding and evolving,” they say.
By Control Engineering Staff November 10, 2008

A new blog, “Industrial Cyber Security,” has debuted for users, system integrators and others involved with distributed control system (DCS) and SCADA system implementation and management. Bloggers Matt Luallen and Steve Hamburg, both of Encari , combine cyber security know-how with process control and SCADA system experience to create an opportunity for dialogue and training within the industrial community. “Listen in: New cyber security podcast and blog.”

Luallen and Hamburg are consultants and trainers who focus on providing critical infrastructure protection consulting services to chemical and industrial companies, and electric and other utilities. “The reality is that securing control systems is an incredible challenge, and the threats are expanding and evolving,” they say.

In their first blog posting, Luallen and Hamburg make the point that creating a secure system is not only possible but essential—but it’s not going to come without hard work. “The foremost challenge is to assure continued, reliable business operations as we make modifications to secure the system.s a SCADA exploit plugin ( see Citect SCADA vulnerability announcement ), they add.

One tool for creating comprehensive cyber security processes is the U.S. National Security Agency’s Special Publication (SP) NIST SP 800-82 , which is under development and available for public comment until November 30, 2008. Through the blog, Luallen and Hamburg will

Visit the blog , which is accessible via www.controleng.com , to ask questions and to comment on these and other security topics.

– By Renee Robbins , senior editor
Control Engineering News Desk
Register here and scroll down to select your choice of eNewsletters free .