Cybersecurity programs assume organizations can recognize control system incidents as being cyber-related. Yet the lack of control system cyber expertise by government organizations including NTSB, FDA, FBI, TSA, EPA, CISA, and DOE have not identified control system incidents as being cyber-related. The five cases discussed were fatal catastrophes. In all cases, NTSB identified control systems […]
Critical infrastructure cyber security incident reporting is not working
Viable cyber security programs require organizations to recognize incidents as being cyber-related. That is generally straightforward for IT and OT network-based cyber incidents. However, the same can’t be said for control system cyber incidents in any sector. People in cybersecurity are comfortable with saying that insider threats (to data and IT systems) can be either […]
Follow-up: Report of another PLC compromised using cyber means
(cross-posted from the SCADASEC mailing list – posting was reply from Marina Krotofil) A couple of other friends reached out and asked for more details and more thoughts.So I wanted to add a couple more things. Note, that I do not havevisibility into the EXACT configuration of LvivTeploEnergo infrastructure,which is insanely complex as well as […]
Report of another PLC compromised using cyber means
(cross-posted from the SCADASEC mailing list – posting was reply from Marina Krotofil) I just went through the Dragos report, the Wiredarticle, the Ukrainian sources, Nozomi report, some more foreign articles,Medium articles, Dale Peterson opinion piece, CERT-UA page, spoke to someICS folks who already looked into the sample, and I have so many questions. 1. […]
CrowdStrike, SolarWinds, and Stuxnet demonstrated the cyber fragility of IT and OT systems
Fifteen years ago, Stuxnet demonstrated that getting to the Engineers’ Workstations can cause devastating damage. Three years ago, SolarWinds showed that malware could be inserted into the update cycle. Two weeks ago, CrowdStrike demonstrated that Engineers’ Workstations are still cyber vulnerable to automatic updates that are fully trusted. It was evident that OT (and IT) […]
Anybody listening? Another report of a cyber attack on Industrial Automation and Control Systems.
“Everybody talks, nobody listens. Good listeners are as rare as white crows” – Helen Keller Wired[1] cites a Dragos report[2] on a cyber-attack on ICS with affect on well-being of society. The attack was performed using the MODBUS protocol[3] and was able to manipulate ICS devices (ENCON PLC) to cause heating systems to fail in […]
Issues with Identifying Control System Cyber Incidents – MORS presentation
July 17, 2024, I gave a presentation to the Military Operations Research Society (MORS) on “Issues with Identifying Control System Cyber Incidents.” Government and industry organizations tend to under-report, and under-share control system cyber incidents. Identifying control system cyber incidents is much less mature than IT and OT network anomaly detection with minimal applicable cyber […]
Military Operations Research Society (MORS) webinar – Issues with Identifying Control System Cyber Incidents
On July 17 at 9am Pacific, Joe Weiss will be presenting on “Issues with Identifying Control System Cyber Incidents”. There have been more than 17 million control system cyber incidents that have killed more than 32,000. Impacts have ranged from equipment shutdowns to region-wide power outages to catastrophic damage and deaths. These incidents (malicious and […]
URL Shortened Websites
A URL shortener (or “link shortener”) is an application that condenses web addresses, redirecting the shorter URL to the original web address URL. There are plenty of URL shorteners available (both free and paid), such as Bitly, along with blogging media (such as X (formerly Twitter)) and WordPress, as they often include automatic URL shortening […]
Identifying control system cyber incidents requires expertise not readily available and government reporting changes
Identifying control system incidents as being cyber-related is difficult. It is complicated when government and industry organizations rush to judgment by stating that incidents weren’t cyberattacks without knowing the actual cause or setting reporting thresholds that exclude many actual control system cyber incidents. Consequently, it is difficult to identify trends when so many real cases […]