Followup: INCOSE Critical Infrastructure Protection and Recovery(CIPR) Conference Call

On Thursday, April 9th, 2020, I gave a presentation to INCOSE Critical Infrastructure Protection and Recovery(CIPR) working group monthly call. With the large attendance, it was evident there was an interesting learning about the critical, but generally not addressed, issues of the engineering aspects of control system cyber security. There was also a common thread […]

Diagramming ICS Security

In a blog post, Sarah Fluchs made a very important point: We have diagrams and abstractions for virtually everything in an industrial control system. But for some reason, we don’t do this for industrial control system network security. I think she has has pointed her finger on the pulse of the problem with industrial control […]

INCOSE Control System Cyber Security Presentation

UPDATE 9-Apr: The April 9th INCOSE presentation now requires a Zoom password. Please send an e-mail to to get the password. This coming Thursday, Thursday April 9th at 3PM Eastern / 12PM Pacific, is the April 2020 international call for the International Council on Systems Engineering (INCOSE)’s Critical Infrastructure Protection and Recovery (CIPR) Working Group’s Smart City […]

Perhaps one step backward in building CIP capacity?

“The definition of insanity is doing the same thing over and over again and expecting a different result                                                                                                – Attributed to A. Einstein A recent post titled “Regarding (AA20-049A) Ransomware Impacting Pipeline Operations”   on SCADASEC pointed out the FUD promoting aspects of an alert published by  The Cybersecurity and Infrastructure Security Agency (CISA) at […]

Will the shields they tell us to raise defend against the Borg?

Have been following the warnings and advice currently given to enterprises on bolstering cyber and other defenses in the wake of the recent (January 2019) escalations of conflict between the US and Iran.  In particular the warnings that focus on advising those who use “industrial control systems and operational technology”[1].  Technologies used to monitor and […]