CNN is reporting the following: Exclusive: US assessing reported leak at Chinese nuclear power facility Taishan 1 is the first EPR to go commercial. The instrumentation and control systems at Taishan may not have played a role in whatever is occurring. However, I was part of an arbitration hearing between TVO and Siemens/Framatome Because of various […]
Category: Electric
A Reality Check of the DOE 100-Day Plan to Address Cybersecurity Risks to the US Electric System
I am happy to see ICS cyber security specifically being addressed by the US Secretary of Energy. It is “unobtainium” to secure the electric system, or any other industry which uses the same equipment, within 100 days even though there can be a good start. Network cyber threat prevention and situational awareness can be employed […]
Enough About Data Breaches. Let’s Talk About OT Security – TAG Cyber
Tag Cyber moderated a roundtable discussion with Mark Weatherford and me on control system cybersecurity. The discussion was why operational technology (OT) is woefully neglected—and what can be done to change that. This discussion becomes even more timely with the recent DOE 100-Day Plan to Address Cybersecurity Risks to the US Electric System. The roundtable […]
Observations from 2021 SANS ICS Cyber Security Conference
The 2021 SANS ICS Cyber Security Conference was held March 4-5, 2021 with almost 9,000 registrants globally. The Conference thoroughly addressed OT networking issues. However, cyber security issues associated with Level 0,1 devices were not as adequately understood and addressed. There was also almost no discussion of the hardware backdoors in the Chinese-made transformers. My […]
Texas power outages demonstrate grid cyber vulnerability and inadequacy of existing regulations
Recent Texas power outages and the loss of both electricity and water across Texas demonstrate how vulnerable ERCOT and Texas are to not only natural disasters such as snowstorms and hurricanes but also manmade and malicious activities. More than that, it also demonstrates the vulnerability of the entire U.S. Energy grid. The good news is […]
Why America would not survive a real first strike cyberattack today
Mike Rogers is a former member of Congress who served as chairman of the House Intelligence Committee. He is the David Abshire Chair at the Center for the Study of the Presidency and Congress and is a senior fellow with the Intelligence Project at the Belfer Center for Science and International Affairs at Harvard University. […]
Don’t overlook the most consequential control system cyber events of 2020
URL: https://www.controlglobal.com/blogs/unfettered/dont-overlook-the-most-consequential-control-system-cyber-events-of-2020/ Two of the most consequential control system cyber events (attacks) in 2020 were supply chain attacks. The first event was the Chinese installing hardware backdoors in large electric transformers, an incident that prompted Presidential Executive Order (EO) 13920. The hardware backdoors are obvious control system threats. The second event was the Russian SolarWinds […]
The Chinese hardware backdoors can cause transformer failures through the load tap changers
As I was reviewing my blogs for a paper I was preparing, I found a nuclear power plant incident involving a station auxiliary transformer load tap changer (LTC) failure. Substation transformers have been acknowledged as the Achilles heel of the electric industry. As a result, the 2015 FAST (Fixing America’s Surface Transportation) Act contained a […]
Targeting Control and Safety Instrumented Systems (SIS): new escalation of cyber threats to critical [energy] infrastructure
“It is no use saying, ‘We are doing our best.’ You have got to succeed in doing what is necessary.” – Winston Churchill Introduction Industrial Control and Safety systems play an important part in insuring that the physical processes taking place in a manufacturing plant, power generation facility or other segment of critical infrastructure do […]
Spanish Civil War 1930’s Déjà vu and today’s cyber experiments on critical infrastructure.
Had a very productive training and tabletop exercise during my Center’s organized week-long event in Kiev, Ukraine. For more info on what we did in Kiev see ( https://enseccoe.org/en/events/268/tabletop-exercise-coherent-resilience-2017-core-4/details ) (1) I will share some of the “take-aways” from this week long event which included the participation of Ukrainian government, energy sector operators and private […]