I am happy to see ICS cyber security specifically being addressed by the US Secretary of Energy. It is “unobtainium” to secure the electric system, or any other industry which uses the same equipment, within 100 days even though there can be a good start. Network cyber threat prevention and situational awareness can be employed […]
Category: Critical Infrastructure
Enough About Data Breaches. Let’s Talk About OT Security – TAG Cyber
TAG Cyber moderated a roundtable discussion with Mark Weatherford and me on control system cybersecurity. The discussion was about why operational technology (OT) is woefully neglected—and what can be done to change that. This discussion becomes even more timely with the recent DOE 100-Day Plan to Address Cybersecurity Risks to the US Electric System. The roundtable […]
Was the Ever Given hacked in the Suez Canal?
This blog is speculative as there is little public information about what caused the Ever Given to run aground in the Suez Canal. I find it curious that a newer ship could have had the technical problems (which could have been caused by a cyberattack) at just the time the ship could entirely block the […]
Data center cybersecurity – don’t overlook the cyber vulnerable building control systems
According to many people, data is the new oil. Industries such as insurance, finance, retail, etc. depend on massive amounts of data from multiple data centers. However, what happens if you can’t get to your data because the data center infrastructure or servers have been damaged and are unusable? Data is merely a series of […]
Lack of security at Level 0/1: problem of awareness or unwillingness to change priorities?
To be honest I was planning to write about unintentional cyber incidents in critical infrastructure and the need to pull away some of our attention from the sexy topic of cyber-attacks and cyber kill-chains. I changed my mind when I read Dale Peterson’s informative article on “Awareness Of Purdue Level 0 and 1 (In)Security” and […]
The US food supply is neither cybersecure nor safe from control system cyber threats
The US FDA is supposed to assure the US food supply is safe from adulteration. However, the FDA Food Safety Management Act (FSMA) requirements ignore cyber threats. There have been more than 20 control system cyber incidents in food and beverage facilities including some where people were harmed and others that shut down facilities. Similar […]
Observations from 2021 SANS ICS Cyber Security Conference
The 2021 SANS ICS Cyber Security Conference was held March 4-5, 2021 with almost 9,000 registrants globally. The Conference thoroughly addressed OT networking issues. However, cyber security issues associated with Level 0 and 1 devices were not as adequately understood and addressed. There was also almost no discussion of the hardware backdoors in the Chinese-made transformers. My […]
Texas power outages demonstrate grid cyber vulnerability and inadequacy of existing regulations
Recent Texas power outages and the loss of both electricity and water across Texas demonstrate how vulnerable ERCOT and Texas are to not only natural disasters such as snowstorms and hurricanes but also manmade and malicious activities. More than that, it also demonstrates the vulnerability of the entire U.S. energy grid. The good news is […]
Why America would not survive a real first strike cyberattack today
Mike Rogers is a former member of Congress who served as chairman of the House Intelligence Committee. He is the David Abshire Chair at the Center for the Study of the Presidency and Congress and is a senior fellow with the Intelligence Project at the Belfer Center for Science and International Affairs at Harvard University. […]
Don’t overlook the most consequential control system cyber events of 2020
URL: https://www.controlglobal.com/blogs/unfettered/dont-overlook-the-most-consequential-control-system-cyber-events-of-2020/ Two of the most consequential control system cyber events (attacks) in 2020 were supply chain attacks. The first event was the Chinese installing hardware backdoors in large electric transformers, an incident that prompted Presidential Executive Order (EO) 13920. The hardware backdoors are obvious control system threats. The second event was the Russian SolarWinds […]