Medical device control system cyber incidents have injured and killed people

Critical Infrastructure, General Topic, Unfettered 13-January-202613-January-2026 Joe Weiss

Cyber incidents are electronic communication between systems, or between systems and people (as when users interact with displays), that can affect the traditional IT triad of C, I, or A. Cyber incidents can be unintentional or malicious. Medical device control system cyber incidents are more prevalent than has been thought.From the December 2025 issue of IEEE […]

The need for appropriate Purdue Reference Model Level 0 cybersecurity training

Critical Infrastructure, General Topic, Policy, Unfettered 11-December-202511-December-2025 Joe Weiss

I expected by now there would be commercial and government organizations addressing the unique cybersecurity issues at Level 0. They are not. This disconnect highlights a fundamental problem: much of today’s OT cybersecurity training assumes a security posture at Level 0 that simply does not exist. That is, just because Level 0 devices are not […]

Cybersecurity regulations assume a security posture for Level 0 devices that do not exist

Critical Infrastructure, Electric, General Topic, Unfettered 2-December-20252-December-2025 Joe Weiss

An unjustified assumption underlies the cybersecurity of manufacturing and industrial processes. You can’t be cybersecure or safe if you can’t trust your measurements. The lack of embedded cybersecurity in Level 0 devices forces a fundamental reexamination of current regulatory frameworks such as NERC CIP, ISA/IEC 62443-4-2, NIST SP 800-82, API, AWWA, NIS2, CRA, KRITIS, NEI-0809, […]

Using AI in Professional Engineering

General Topic 1-December-2025 Jake Brodsky

It seems that when a new technology becomes practical, there is always a rush by self styled influencers to apply this solution to whatever problems they can think of. Those who question the applicability of this new technology are considered naysayers or even Luddites. Nevertheless, there is a history of overblown, oversold technologies. Remember Blockchains? […]

The Unaddressed Cyber Frontier: Level 0 Sensor Measurement Integrity

General Topic, Policy, Unfettered 23-November-202523-November-2025 Joe Weiss

I was asked by Anna Ribiero from the Industrial Cyber Newsletter about the cybersecurity of Purdue Reference Model Level 0 control system field devices (process sensors, actuators, etc.). Level 0 devices are the 100% trusted input in all sectors. Yet Level 0 devices have no cybersecurity, authentication, cyber forensics, nor appropriate cybersecurity training. If you […]

[UPDATED] “Ninja Squirrels” Continue Plaguing Electric Utilities

General Topic 20-November-202520-November-2025 icadmin

[UPDATE 20-NOV-2025] This is an updated post from the original post ‘Did a “Ninja Squirrel” Cause the Northeast Blackout in 2003?’ (dated 17-Jul-2016). It can be found here: http://scadamag.infracritical.com/index.php/2016/07/17/did-a-ninja-squirrel-cause-the-northeast-blackout-in-2003/ Several more stories from mid/late-2025 implicating squirrels as the cause of recent power outages throughout the United States. Squirrel causes power outage for hundreds of Lafayette […]

After more than 18 years, Aurora is still an existential threat to critical infrastructures

Critical Infrastructure, Electric, Unfettered 8-October-20258-October-2025 Joe Weiss

Control system hardware cybersecurity issues continue to be out of the cybersecurity mainstream. Protective relay issues are an example where there are hardware cyber issues that cannot be detected by network security monitoring. These issues include manipulating registers in the relays and remotely opening and closing the relays. Aurora incidents are a good example of […]