“You can’t handle the truth!” –Col. Jessup played by Jack Nicholson in the 1992 movie “A Few Good Men“ Many think that if they could just get closer to the data that they will somehow discover something that will save the company millions and that will more than justify all the expense and hassle. I […]
The Grid Podcast blog – The state of control system cybersecurity
Wednesday October 29, at 4:00 P.M. Eastern, I will be a guest on The Grid Podcast Episode 6: “The State of Control System Cybersecurity”. The Grid Podcast can be found at https://www.youtube.com/@thegridpodcast777. OT networks are being attacked with a plethora of ransomware attacks. What is not so evident is that control systems are also being impacted as […]
After more than 18 years, Aurora is still an existential threat to critical infrastructures
Control system hardware cybersecurity issues continue to be out of the cybersecurity mainstream. Protective relay issues are an example where there are hardware cyber issues that cannot be detected by network security monitoring. These issues include manipulating registers in the relays and remotely opening and closing the relays. Aurora incidents are a good example of […]
Recollections from 9/11
The week of 9/11, I was in Houston along with 40,000 others for the ISA Expo. On 9/9 I was made an ISA Fellow. On 9/10, we held two sessions on CONTROL SYSTEM (there was no such term as OT at the time) cybersecurity that were well attended by the engineers with minimal IT attendance […]
Stuxnet lessons yet to be learned after 15 years
Five years ago, I wrote about the lessons yet to be learned from Stuxnet[1] and have read a recent article by an industry opinion leader on the same theme. The author states several lessons which I think are worth discussing and ends the article by asking the reader what they would add to the list[2]. […]
What have we learned since Stuxnet – when it comes to control system cyber security not much
For SCADASec Fifteen years ago, I wrote the blog – “Malicious vs unintentional cyber incidents – why it is necessary to include unintentional incidents” This blog was written weeks before Stuxnet and its impact on control systems and centrifuge damage were made public. Stuxnet demonstrated that cyberattacks could be made to look like equipment malfunctions […]
NERC Sensors
The fallacy that the electric grid is cybersecure by meeting the NERC CIPs is finally being exposed. Situational awareness is based on process sensor input that is incorrectly assumed to be uncompromised, authenticated, and correct. Because process sensors use non-routable protocols, they have not been considered to be NERC Cyber Assets. Depending on the situation, […]
Network tabletop exercises don’t include engineering and plant operations
If engineering and operations are left out of cybersecurity training and exercises, it’s no surprise that they’d also tend to be overlooked during the pressure of an actual incident. The complexity in manufacturing and industrial control systems is not understood by network security. Simply restarting IT and OT networks from a “golden backup” is not […]
Does anyone tell the truth anymore?
The more important question that you might want to ask is: *who* should you trust for your information? The recent (so-called) malware attack at the Vermont electric utility on 30-Dec-2016 (Friday) demonstrates that, due to political agendas, that intelligence information may be manipulated. Throughout most of Friday, DHS (and its various departments) and FBI, hosted […]
What are the unlearned lessons from Stuxnet
July 22, 2025 the US House Committee on Homeland Security held a hearing, “Fully Operational Stuxnet 15 Years Later & the Evolution of Cyber Threats to Critical Infrastructure”. Stuxnet was not an attack on the networks. Rather, Stuxnet was a stealth attack that damaged physical infrastructures by manipulating physics. Stuxnet used networks as a conduit […]