July 21, 2021, I participated in a live webinar discussion, hosted by ThreatConnect’s Dan Verton, on mitigating risk in critical infrastructures with Bob Kolasky from DHS CISA and Tim Grieveson from Aveva. The webinar link can be found at ThreatConnect Podcast Ep. 21: Mitigating Cyber Risk in Critical Infrastructures I met Dan in 2001 when I was at EPRI and he was with ComputerWorld. Unfortunately, many of the unresolved control system cyber issues in 2001 still exist in 2021. My focus has always been on the reliability and safety of the critical infrastructures not the loss or compromise of data. That is, keeping lights on, water flowing, etc. which is not the same as keeping networks available. Tim Grieveson and I were in agreement on the need to address the culture gap between engineering and network organizations. Unfortunately., the CISA discussions didn’t address some of what is necessary to secure control systems including the lack of addressing actual control system cyber incidents and the lack of security in process sensors. Results from ThreatConnect webinar on mitigating risks in critical infrastructures and on-going actual risks