The Chinese hardware backdoors can cause transformer failures through the load tap changers

As I was reviewing my blogs for a paper I was preparing, I found a nuclear power plant incident involving a station auxiliary transformer load tap changer (LTC) failure. Substation transformers have been acknowledged as the Achilles heel of the electric industry. As a result, the 2015 FAST (Fixing America’s Surface Transportation) Act contained a […]

What would Sun Tzu and Louis Pasteur say about today’s industrial cybersecurity?

Have been following the discussions on industrial cybersecurity, convergence, network vs device security, and IT vs OT vs ICS[2]. Some of the points of view differ greatly on what needs to be done.  This lack of consensus indicates that something may be wrong with our assumptions and our approach.   A disturbing lack progress being […]

Need for an operational cyber capacity before promptly and effectively acting on threat intelligence

“The pump don’t work cause the vandals took the handles[1]” – Bob Dylan, Subterranean Homesick Blues. “Threat intel” and the vendors who are eagerly trying to offer it are very much in our cybersecurity information space.  It sounds like a good idea.  One gets a tip that something is about to target your operations next […]

Convergence of What?

I have seen it. I know you have probably seen it too. It’s that dreaded “Convergence of IT and OT”. It’s the buzz-phrase that just won’t quit. Another buzz-phrase that I keep seeing is Industry 4.0. Most people who toss these terms around are probably not aware of the starkly different philosophies behind them. Convergence […]

Animated logo?

I’ve been noodling around with developing an animated intro for SCADASEC. Based on the consensus of 8 individuals, this was the intro that they thought would have the best impact. My thanks to those who’ve agreed to vote on our new animated logo – thank you. Comments made included providing something ‘hard code’, theatrical, and […]

Tale of Two Conferences on protecting critical infrastructure: it was the best of times, it was the worst of times.

Last week I attended two conferences where protection of critical infrastructure were common themes: one focused more on the technical aspects and the other on international security policy. The first was a virtual plenary session of the International Society for Automation (ISA)[1] Committee 99 which is working on updating the standard for Industrial Automation and […]

A critical look at the CSIS Report “Dismissing Cyber Catastrophe”

Jim Lewis is a Sr VP at the Center for Strategic and International Studies (CSIS). He wrote the article “Dismissing Cyber Catastrophe” dated August 17, 2020 – https://www.csis.org/analysis/dismissing-cyber-catastrophe?utm_source=CSIS+All&utm_campaign=e4d5b3e04c-EMAIL_CAMPAIGN_2018_11_08_05_05_COPY_01&utm_medium=email&utm_term=0_f326fc46b6-e4d5b3e04c-221758737 . In ‘Dismissing Cyber Catastrophe,’ Jim argues that concerns about industrial cyber security are overblown and the risk is exaggerated. Because the view that ‘cyber catastrophes’ are […]