Category: Critical Infrastructure

ICS cybersecurity at the crossroads: heading toward cyber peace or towards a “duty to hack”?

Critical Infrastructure, Policy 11-December-201718-December-2017 Vytautas Butrimas

The year is ending and there have been several unsettling events in cyberspace this past year to reflect upon. They all seemed to have come together for me this past week as I completed my speaking engagements in Vilnius and in Garmische-Partenkirchen. The first conference was in Vilnius with the title “Baltic Energy Summit 2017 […]

Complex control systems used by ships at sea are subject to the same kinds of accidents and challenges.

Critical Infrastructure, General Topic 3-November-201713-November-2017 Vytautas Butrimas

“This is where you talk about fleets coming to a stop. Our ships are floating SCADA systems” – Capt. Mark Hagerott (ret.), Deputy director of cybersecurity for the U.S.N. Academy (1) Many years ago I had the good fortune to have two good friends who both owned wooden (African Mahogany) sailing boats. One was a […]

Spanish Civil War 1930’s Déjà vu and today’s cyber experiments on critical infrastructure.

Critical Infrastructure, Electric, Exercise 25-October-201726-October-2017 Vytautas Butrimas

Had a very productive training and tabletop exercise during my Center’s organized week-long event in Kiev, Ukraine. For more info on what we did in Kiev see ( https://enseccoe.org/en/events/268/tabletop-exercise-coherent-resilience-2017-core-4/details ) (1) I will share some of the “take-aways” from this week long event which included the participation of Ukrainian government, energy sector operators and private […]

Good news for ICS protection: ISA providing new ISA/IEC 62443 based industrial cybersecurity training

Critical Infrastructure, Internet of Things, Policy 17-March-201717-March-2017 Vytautas Butrimas

The great Chinese military strategist Sun Tzu in his book the “Art of War” stated that (to paraphrase) “if you know yourself and the enemy, you will prevail in every battle”. This saying is applicable to the protection of industrial control systems that comprise the technical foundation for today’s critical infrastructure. One of the long-term […]

The lack of comprehensive investigation and sharing of lessons from industrial control system incidents will continue to leave others as sitting ducks.

Critical Infrastructure, Policy 13-December-201613-December-2016 Vytautas Butrimas

This past week news has surfaced about cyber-attacks directed against German industry. In particular about a suspected case of cyber espionage at ThyssenKrupp (1) (2). The announcement that a German steel maker was cyber attacked reminded me about the 2014 German Federal Government IT Department’s (BSI) report of a cyber-attack at an unidentified steel mill […]

Simulations don’t have to be expensive or labor intensive in order to explain key concepts about IT and ICS security

Critical Infrastructure, Exercise 10-November-201610-November-2016 Vytautas Butrimas

It can be hard to understand amidst all the IT biased (towards Confidentiality, Integrity and Availability of information) cybersecurity hoopla how today’s IT threats emanating from cyberspace can affect industrial control systems. IT security questions can be hard to understand for the ICS practitioner (who leans towards different security priorities of Safety, Availability, Integrity and […]

In seeking to protect industrial control systems are we clear about what is being threatened and from what threats?

Critical Infrastructure, Policy 8-November-20168-November-2016 Vytautas Butrimas

Reading the recently published Industrial Control Systems Emergency Response Team (ICS-CERT) Advanced Analytical Laboratory (AAL) White Paper on Malware Trends left me somewhat unimpressed and disappointed. Whenever I read a document about cybersecurity, especially one written by an institution dealing with the security of industrial control systems, I am keen to see how the authors […]