Risk Assessments Are Not

The problem with discussing risk on a SCADA/ICS network, especially the way that most security guidelines describe it, is that it isn’t a linear function. In other words, the risk of A happening, B happening, and C happening are not A times B times C. It might be true with safety, but it is definitely […]

In addressing cyber threats to critical infrastructure, it is helpful to think of the lesson of the “3 Little Pigs”

On June 7th the European People’s Party organized a public hearing on Cybercrime and Cybersecurity at the European Parliament in Brussels, Belgium (1) . It was a great honor to be invited as a speaker on Cybersecurity and Critical Energy Infrastructure for the second panel discussion covering the theme of “Cybersecurity: improving European industry”. I […]

Succession Planning

After 31 years at the Washington Suburban Sanitary Commission (WSSC) I’m eligible to retire. I will be starting a new position at Jacobs Engineering next month. My kids are looking at colleges and frankly, I need the money. I would happily stay with WSSC if I could afford to, but I can’t. In case you […]

Fun with Fiber Optics

I was swapping out a router today. Our old ones have served us long and well, but the vendor is no longer supporting them as they used to. We also had some creatures that I wanted to get rid of. On the wall in the telecommunications shelter there were three cheap 100Base-FX to 100BaseT converters, […]

Good news for ICS protection: ISA providing new ISA/IEC 62443 based industrial cybersecurity training

The great Chinese military strategist Sun Tzu in his book the “Art of War” stated that (to paraphrase) “if you know yourself and the enemy, you will prevail in every battle”. This saying is applicable to the protection of industrial control systems that comprise the technical foundation for today’s critical infrastructure. One of the long-term […]

SCADA as a Service in the Cloud

As I have pointed out earlier, infrastructure should not become reliant upon other infrastructure. The reason is to avoid common failure modes and to make restoral more straightforward and less inter-reliant. This is why I have been looking at the SCADA-as-a-Service (SaaS) and Cloud SCADA with great skepticism. Let’s start with some obvious questions. Are […]