Don’t overlook the most consequential control system cyber events of 2020

URL: https://www.controlglobal.com/blogs/unfettered/dont-overlook-the-most-consequential-control-system-cyber-events-of-2020/

Two of the most consequential control system cyber events (attacks) in 2020 were supply chain attacks. The first event was the Chinese installing hardware backdoors in large electric transformers, an incident that prompted Presidential Executive Order (EO) 13920. The hardware backdoors are obvious control system threats. The second event was the Russian SolarWinds […]

The Chinese hardware backdoors can cause transformer failures through the load tap changers

As I was reviewing my blogs for a paper I was preparing, I found a nuclear power plant incident involving a station auxiliary transformer load tap changer (LTC) failure. Substation transformers have been acknowledged as the Achilles heel of the electric industry. As a result, the 2015 FAST (Fixing America’s Surface Transportation) Act contained a […]

What would Sun Tzu and Louis Pasteur say about today’s industrial cybersecurity?

Have been following the discussions on industrial cybersecurity, convergence, network vs device security, and IT vs OT vs ICS[2]. Some of the points of view differ greatly on what needs to be done. This lack of consensus indicates that something may be wrong with our assumptions and our approach. A disturbing lack of progress being […]

Is there a problem with our understanding of the terms IT, OT and ICS when seeking to protect critical infrastructure?

I remember participating in a work group composed of national representatives tasked with coming up with norms for confidence and security building measures (CSBM) for states to follow in cyberspace. This was quite exciting to be a part of at first, but the discussions slowed down when a representative of a cyber-superpower raised the issue of […]

Perhaps one step backward in building CIP capacity?

“The definition of insanity is doing the same thing over and over again and expecting a different result” – Attributed to A. Einstein

A recent post titled “Regarding (AA20-049A) Ransomware Impacting Pipeline Operations” on SCADASEC pointed out the FUD-promoting aspects of an alert published by The Cybersecurity and Infrastructure Security Agency (CISA) at […]

Targeting Control and Safety Instrumented Systems (SIS): new escalation of cyber threats to critical [energy] infrastructure

“It is no use saying, ‘We are doing our best.’ You have got to succeed in doing what is necessary.” – Winston Churchill

Introduction

Industrial Control and Safety systems play an important part in ensuring that the physical processes taking place in a manufacturing plant, power generation facility or other segment of critical infrastructure do […]