An unjustified assumption underlies the cybersecurity of manufacturing and industrial processes. You can’t be cybersecure or safe if you can’t trust your measurements. The lack of embedded cybersecurity in Level 0 devices forces a fundamental reexamination of current regulatory frameworks such as NERC CIP, ISA/IEC 62443-4-2, NIST SP 800-82, API, AWWA, NIS2, CRA, KRITIS, NEI-0809, […]
Using AI in Professional Engineering
It seems that when a new technology becomes practical, there is always a rush by self styled influencers to apply this solution to whatever problems they can think of. Those who question the applicability of this new technology are considered naysayers or even Luddites. Nevertheless, there is a history of overblown, oversold technologies. Remember Blockchains? […]
The Unaddressed Cyber Frontier: Level 0 Sensor Measurement Integrity
I was asked by Anna Ribiero from the Industrial Cyber Newsletter about the cybersecurity of Purdue Reference Model Level 0 control system field devices (process sensors, actuators, etc.). Level 0 devices are the 100% trusted input in all sectors. Yet Level 0 devices have no cybersecurity, authentication, cyber forensics, nor appropriate cybersecurity training. If you […]
[UPDATED] “Ninja Squirrels” Continue Plaguing Electric Utilities
[UPDATE 20-NOV-2025] This is an updated post from the original post ‘Did a “Ninja Squirrel” Cause the Northeast Blackout in 2003?’ (dated 17-Jul-2016). It can be found here: http://scadamag.infracritical.com/index.php/2016/07/17/did-a-ninja-squirrel-cause-the-northeast-blackout-in-2003/ Several more stories from mid/late-2025 implicating squirrels as the cause of recent power outages throughout the United States. Squirrel causes power outage for hundreds of Lafayette […]
The Truth About OT Data and What It Costs
“You can’t handle the truth!” –Col. Jessup played by Jack Nicholson in the 1992 movie “A Few Good Men“ Many think that if they could just get closer to the data that they will somehow discover something that will save the company millions and that will more than justify all the expense and hassle. I […]
The Grid Podcast blog – The state of control system cybersecurity
Wednesday October 29, at 4:00 P.M. Eastern, I will be a guest on The Grid Podcast Episode 6: “The State of Control System Cybersecurity”. The Grid Podcast can be found at https://www.youtube.com/@thegridpodcast777. OT networks are being attacked with a plethora of ransomware attacks. What is not so evident is that control systems are also being impacted as […]
After more than 18 years, Aurora is still an existential threat to critical infrastructures
Control system hardware cybersecurity issues continue to be out of the cybersecurity mainstream. Protective relay issues are an example where there are hardware cyber issues that cannot be detected by network security monitoring. These issues include manipulating registers in the relays and remotely opening and closing the relays. Aurora incidents are a good example of […]
Recollections from 9/11
The week of 9/11, I was in Houston along with 40,000 others for the ISA Expo. On 9/9 I was made an ISA Fellow. On 9/10, we held two sessions on CONTROL SYSTEM (there was no such term as OT at the time) cybersecurity that were well attended by the engineers with minimal IT attendance […]
Stuxnet lessons yet to be learned after 15 years
Five years ago, I wrote about the lessons yet to be learned from Stuxnet[1] and have read a recent article by an industry opinion leader on the same theme. The author states several lessons which I think are worth discussing and ends the article by asking the reader what they would add to the list[2]. […]
What have we learned since Stuxnet – when it comes to control system cyber security not much
For SCADASec Fifteen years ago, I wrote the blog – “Malicious vs unintentional cyber incidents – why it is necessary to include unintentional incidents” This blog was written weeks before Stuxnet and its impact on control systems and centrifuge damage were made public. Stuxnet demonstrated that cyberattacks could be made to look like equipment malfunctions […]