For Instrumentation and Control Systems, the professional society is
the ISA (International Society of Automation, formerly the Instrument
Society of America), of which I am a member... just renewed, in fact!
ISA-5.06.01 is the Functional Requirement Spec for Control Software
Applications, and one of the main governing documents for the
software. But it is more of a design spec than anything else. It's
not hard and fast "this is how to write code" but like most design
specs it describes the minimums necessary to produce a sound control
system.
There is also ISA TR99, which is "Security Technologies for Industrial
Automation and Control Systems," but that is not a spec per-se; it's a
Technical Report, which means that you can use it as reference but not
as a specification.
The ISA has been pushing security ("cybersecurity" is the term often
used in industry to differentiate from physical, real-world security)
a lot in the last few years. Personally I think we'll get Technical
Reports rather than a full blown spec because the nature of the
security threats is going to keep evolving, like this malworm. This
is something brand-spanking new. Sure, "regular" malware can be
devastating to individual users, but industrial malware which can take
a nuclear power plant's safety protocols offlne is the stuff of
apocalyptic science fiction! At least, it was until now!
On Sep 30, 5:42 pm, James Peluso <[email protected]> wrote:
> Thanks for the info Luke. Does your industry have any checks and balances
> when it comes to firmware and coding? Like an ieee or iso standard? Just
> thinking on how to prevent an exploit of this nature
> On Sep 30, 2010 4:31 PM, "Luke" <[email protected]> wrote:
>
>
>
> > Die Hard 4 was about shutting down government infastructure, wasn't
> > it? So in a way, yes, because certain infastructure (a good example
> > would be traffic control) would be controlled by an automation system
> > of some kind, most likely a Distributed Control System.
>
> > This one specifically targets industrial automation systems. For
> > example, on the project I am working we have a general plant
> > automation system (let's call it SPIC) and a more stringent, safety-
> > related automation (lets call it KELS), both of which are running as
> > Distributed Control Systems, albeit each one is seperate and
> > different. We also have a general plant data network, which is all of
> > the ethernet, VOIP, and other "administrative" automation stuff. SPIC
> > and KELS would be the industrial automation stuff which a worm like
> > this might attack.
>
> > On Sep 30, 4:14 pm, James Peluso <[email protected]> wrote:
> >> I'm kind of naive to this part of the industry but, is this what Die Hard
> 4
> >> is about?
>
> >> On Thu, Sep 30, 2010 at 4:12 PM, Luke <[email protected]> wrote:
> >> > I'm an Instrumentation & Control Systems Engineer, so industrial
> >> > automation systems like the ones Stuxnet attacks is right in my
> >> > department's wheelhouse. Needless to say we are watching this VERY
> >> > closely. Industrial automation software is very specific and very
> >> > proprietary -- so a piece of malcode which can attack it has to be
> >> > very specific and single-minded.
>
> >> > On Sep 30, 11:21 am, Cary Preston <[email protected]> wrote:
> >> > > And Iran is taking a beating:
>
> >> > >http://www.debka.com/article/9050/
>
> >> > --
> >> > You received this message because you are subscribed to the Google
> Groups
> >> > "The Unique Geek" group.
> >> > To post to this group, send email to [email protected].
> >> > To unsubscribe from this group, send email to
> >> > [email protected]<theuniquegeek%2bunsubscr...@googlegroups.com>
>
> <theuniquegeek%2bunsubscr...@googlegroups.com>>> > .
> >> > For more options, visit this group at
> >> >http://groups.google.com/group/theuniquegeek?hl=en.
>
> >> --
> >> Jim
>
> >> blog <http://jimpeluso.wordpress.com>
> >> "Keep moving Forward"- Hide quoted text -
>
> >> - Show quoted text -
>
> > --
> > You received this message because you are subscribed to the Google Groups
>
> "The Unique Geek" group.> To post to this group, send email to
> [email protected].
> > To unsubscribe from this group, send email to
>
> [email protected]<theuniquegeek%2bunsubscr...@googlegroups.com>
> .> For more options, visit this group at
>
> http://groups.google.com/group/theuniquegeek?hl=en.
>
>
>
> - Hide quoted text -
>
> - Show quoted text -- Hide quoted text -
>
> - Show quoted text -
--
You received this message because you are subscribed to the Google Groups "The
Unique Geek" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/theuniquegeek?hl=en.
