[SCADASEC] IBM is offering 'SCADA security best practices'...

Mark Fabro fabro at loftyperch.com
Thu Feb 7 20:01:55 CST 2008


Ya know, I kinda agree with Joe. We need to watch which large (and small)
companies actually have real capabilities to do the work. Nobody ever
got fired for using these big companies, but these large companies may
be very incapable to really deliver accurate services. I do think they
need to be aligned with the vendors whenever plausible, and as Joe says
the list of real value-add companies shrinks fast when you cut into the
fabric.

I also agree that these companies are very quick to try and apply their
own solutions into the control domain thinking it will be a perfect
fit...and many customers (sadly) think that these solutions will fit
just fine. 

In some cases, although rare, there may be a fit and that is very
exciting. The community can benefit from that. A simple example could be
either IDS sigs and rule sets as well as some traffic shaping (taking
advantage of the predictability of control traffic). But organizations
should be careful to make sure the companies they are considering using
(who may be touting capabilities) actually have some skills and
capabilities that can be really useful, that have solutions that have
been tested, and can provide something that can provide value
without breaking the system.

We also do a lot of work cleaning up from companies that have hopped on
the 'SCADA security' bandwagon in the last 6 months. A lot of them just
repackage their regular IT assessment service suites for SCADA by a
simple cut'n'paste in the marketing collateral. We see time and time
again the people doing the security work on the control system (even
though they have proven themselves in cyber security) really do not have
the right experience. We see mistakes that are indicative of solutions
that are ill fitted to the domain and showcase a real lack of
understanding. This is not to say that the capabilities are not out
there in these companies, but rather we are just not seeing any
indication of any capability.

I am writing too much, need to stop posting! I am now going back to
lurking...


-----Original Message-----
From: scadasec-bounces at news.infracritical.com
[mailto:scadasec-bounces at news.infracritical.com] On Behalf Of Joe Weiss
Sent: Thursday, February 07, 2008 8:23 PM
To: scadasec at news.infracritical.com
Subject: Re: [SCADASEC] IBM is offering 'SCADA security best
practices'...

I think asking which IT vendors are cross-over vendors is a reasonable
question, but not the right question. To me the right question is which
cross-over vendors have the domain expertise to offer products that work
in a control system environment. Without teaming with control system
domain experts, the list shrinks real fast. Many of the best practices,
intrusion detection/prevention systems, etc are for DCS/SCADA HMI
environments that are really IT environments and are NOT appropriate for
control system field devices. Not coincidentally, many of the control
system cyber incidents I have tracked are from inappropriate policies,
technologies, or testing applied to field devices.
Joe Weiss

Joe Weiss PE, CISM
Applied Control Solutions, LLC
Cupertino, CA
(408) 253-7934
(408) 253-7974 Fax
(408) 832-5396 Cell
joe.weiss at realtimeacs.com

 


-----Original Message-----
From: scadasec-bounces at news.infracritical.com
[mailto:scadasec-bounces at news.infracritical.com] On Behalf Of Matthew
Franz
Sent: Thursday, February 07, 2008 4:59 PM
To: scadasec at news.infracritical.com
Subject: Re: [SCADASEC] IBM is offering 'SCADA security best
practices'...

s/IBM/ISS and there is nothing new here right?

ISS, Symantec and other security vendors have had these sorts of
marketing docs for years....

- mdf

On Feb 7, 2008 3:35 PM, Mark Fabro <fabro at loftyperch.com> wrote:
> Indeed this is interesting. I am not sure it is a service set that is
> widely known, as we work with IBM and I am not sure the service has
> permeated the organization.
>
>
> -----Original Message-----
> From: scadasec-bounces at news.infracritical.com
> [mailto:scadasec-bounces at news.infracritical.com] On Behalf Of Bob
> Radvanovsky
> Sent: Thursday, February 07, 2008 3:16 PM
> To: scadasec at news.infracritical.com
> Subject: [SCADASEC] IBM is offering 'SCADA security best practices'...
>
> Interesting...
>
> http://www-935.ibm.com/services/us/index.wss/offering/iss/a1027203
>
>
> _______________________________________________
> To unsubscribe from this mailing list, please visit:
> http://news.infracritical.com/mailman/listinfo/scadasec
>
> To review our privacy statement, please visit:
> http://www.infracritical.com/privacy.html
>
> scadasec at news.infracritical.com
> http://news.infracritical.com/mailman/listinfo/scadasec
>



-- 
Matthew Franz
http://www.threatmind.net/



