Zero Trust and ICS

The goal of Zero Trust is getting data securely across network, storage, and computing infrastructure you may not trust. The message is usually between two software entities that are trusted with human beings behind them. But that’s not what happens in an Industrial Control System, such as a DCS or a PLC-based plant system. […]

Focus on Integrity

There may be a few people who are puzzled by why I referred to PLC Security as “security.” And this brings me to an often forgotten part of the AIC security triad. Yes, there is Availability. There is Confidentiality. You tend to see a lot of discussion about the former among ICS security people. You […]

Followup: INCOSE Critical Infrastructure Protection and Recovery (CIPR) Conference Call

On Thursday, April 9th, 2020, I gave a presentation to the INCOSE Critical Infrastructure Protection and Recovery (CIPR) working group's monthly call. With the large attendance, it was evident there was interest in learning about the critical, but generally not addressed, issues of the engineering aspects of control system cyber security. There was also a common thread […]

Diagramming ICS Security

In a blog post, Sarah Fluchs made a very important point: We have diagrams and abstractions for virtually everything in an industrial control system. But for some reason, we don’t do this for industrial control system network security. I think she has pointed her finger on the pulse of the problem with industrial control […]

INCOSE Control System Cyber Security Presentation

UPDATE 9-Apr: The April 9th INCOSE presentation now requires a Zoom password. Please send an e-mail to to get the password. This coming Thursday, Thursday April 9th at 3PM Eastern / 12PM Pacific, is the April 2020 international call for the International Council on Systems Engineering (INCOSE)’s Critical Infrastructure Protection and Recovery (CIPR) Working Group’s Smart City […]