[SCADASEC] IBM is offering 'SCADA security best practices'...
Clint Bodungen
clint at cidgcorp.com
Wed Feb 13 11:11:58 CST 2008
I agree with you there on both accounts. In comparison of those two
standards, NIST SP800-53 *is* much more comprehensive than the NERC CIPs and
I'm right there with you on non-federal power agencies. I appreciate your
elaboration.
Clint
-----Original Message-----
From: scadasec-bounces at news.infracritical.com
[mailto:scadasec-bounces at news.infracritical.com] On Behalf Of Joe Weiss
Sent: Wednesday, February 13, 2008 11:04 AM
To: scadasec at news.infracritical.com
Subject: Re: [SCADASEC] IBM is offering 'SCADA security best practices'...
It absolutely does apply here- NIST SP800-53 is more comprehensive than
the NERC CIPs. We did a detailed line-by-line comparison. The
non-federal power agencies should not be less secure.
Joe
Joe Weiss PE, CISM
Applied Control Solutions, LLC
Cupertino, CA
(408) 253-7934
(408) 253-7974 Fax
(408) 832-5396 Cell
joe.weiss at realtimeacs.com
-----Original Message-----
From: scadasec-bounces at news.infracritical.com
[mailto:scadasec-bounces at news.infracritical.com] On Behalf Of Clint
Bodungen
Sent: Wednesday, February 13, 2008 8:52 AM
To: scadasec at news.infracritical.com
Subject: Re: [SCADASEC] IBM is offering 'SCADA security best
practices'...
Not agreeing nor disagreeing with you... just playing devil's advocate.
Does being a Federal Agency make them infallible? Is it truly the
"highest
standard?" Historically speaking I'm not sure I would always put
Federal
and "Highest Standard" in the same category. Sometimes yes and
sometimes no
but does it apply here?
Clint
-----Original Message-----
From: scadasec-bounces at news.infracritical.com
[mailto:scadasec-bounces at news.infracritical.com] On Behalf Of Joe Weiss
Sent: Wednesday, February 13, 2008 9:51 AM
To: scadasec at news.infracritical.com
Subject: Re: [SCADASEC] IBM is offering 'SCADA security best
practices'...
All federal power agencies already must follow NIST SP800-53 (FISMA) by
federal law. Why should they be held to a higher standard than non
federal power agencies?
Joe
Joe Weiss PE, CISM
Applied Control Solutions, LLC
Cupertino, CA
(408) 253-7934
(408) 253-7974 Fax
(408) 832-5396 Cell
joe.weiss at realtimeacs.com
-----Original Message-----
From: scadasec-bounces at news.infracritical.com
[mailto:scadasec-bounces at news.infracritical.com] On Behalf Of ljknews
Sent: Wednesday, February 13, 2008 7:26 AM
To: scadasec at news.infracritical.com
Subject: Re: [SCADASEC] IBM is offering 'SCADA security best
practices'...
At 8:08 AM -0600 2/13/08, wboyes at putman.net wrote:
> Utilities who depend on
> following the NERC CIPs are in for a great shock when they find
> themselves continuing to be vulnerable.
That is less of a shock than if there were a law change and
they found themselves responsible for following 800-53a.
--
Larry Kilgallen
_______________________________________________
To unsubscribe from this mailing list, please visit:
http://news.infracritical.com/mailman/listinfo/scadasec
To review our privacy statement, please visit:
http://www.infracritical.com/privacy.html
scadasec at news.infracritical.com
http://news.infracritical.com/mailman/listinfo/scadasec
_______________________________________________
To unsubscribe from this mailing list, please visit:
http://news.infracritical.com/mailman/listinfo/scadasec
To review our privacy statement, please visit:
http://www.infracritical.com/privacy.html
scadasec at news.infracritical.com
http://news.infracritical.com/mailman/listinfo/scadasec
_______________________________________________
To unsubscribe from this mailing list, please visit:
http://news.infracritical.com/mailman/listinfo/scadasec
To review our privacy statement, please visit:
http://www.infracritical.com/privacy.html
scadasec at news.infracritical.com
http://news.infracritical.com/mailman/listinfo/scadasec
_______________________________________________
To unsubscribe from this mailing list, please visit:
http://news.infracritical.com/mailman/listinfo/scadasec
To review our privacy statement, please visit:
http://www.infracritical.com/privacy.html
scadasec at news.infracritical.com
http://news.infracritical.com/mailman/listinfo/scadasec
More information about the scadasec
mailing list