As a reader of this blog you likely don’t need to be convinced that SCADA and ICS Security need to be greatly improved. There are several ways to go about accomplishing that, and I am glad that there is a healthy dialogue underway on this topic within the industrial security community. This includes the back and forth between myself and Dale Peterson of Digital Bond, that continues with this article.

Browsing this week’s industry newsletters, I noticed that Automation World had two related stories on new technologies:

• Industry Interrupted: Tablets and Smart Phones Poised to Make a Big Impact
• Industrial Networking Desires Revealed

Editor’s Note: The Practical SCADA Security Blog has a very special blog contributor this week – Mr. Santa Claus, owner and operator of a very large toy manufacturing facility at the North Pole. This is a very busy time of year for Mr. Claus, so we would like to extend a big thank-you to him for sharing his cyber security story with our readers. We would also like to thank him for having the courage to publicly share details of an SCADA/ICS security event that occurred at his facility.

Who is responsible for fixing the thousands (some say 100,000) of vulnerabilities that exist in PLCs, DCS, RTUs and other automation devices that are in use in facilities around the world?

In last week's blog, Heather wrote an excellent summary of Mark Cooksley's network security presentation regarding "Why Industrial Networks are Different than IT Networks". In it she noted that the number one goal of ICS security is based on the concern for safety. This is spot-on in my opinion. However, there is more to consider when it comes to industrial security priorities…