Texas power outages demonstrate grid cyber vulnerability and inadequacy of existing regulations

Recent Texas power outages and the loss of both electricity and water across Texas demonstrate how vulnerable ERCOT and Texas are to not only natural disasters such as snowstorms and hurricanes but also manmade and malicious activities. More than that, it also demonstrates the vulnerability of the entire U.S. Energy grid. The good news is […]

Don’t overlook the most consequential control system cyber events of 2020

URL: https://www.controlglobal.com/blogs/unfettered/dont-overlook-the-most-consequential-control-system-cyber-events-of-2020/ Two of the most consequential control system cyber events (attacks) in 2020 were supply chain attacks. The first event was the Chinese installing hardware backdoors in large electric transformers, an incident that prompted Presidential Executive Order (EO) 13920. The hardware backdoors are obvious control system threats. The second event was the Russian SolarWinds […]

The Chinese hardware backdoors can cause transformer failures through the load tap changers

As I was reviewing my blogs for a paper I was preparing, I found a nuclear power plant incident involving a station auxiliary transformer load tap changer (LTC) failure. Substation transformers have been acknowledged as the Achilles heel of the electric industry. As a result, the 2015 FAST (Fixing America’s Surface Transportation) Act contained a […]

What would Sun Tzu and Louis Pasteur say about today’s industrial cybersecurity?

Have been following the discussions on industrial cybersecurity, convergence, network vs device security, and IT vs OT vs ICS[2]. Some of the points of view differ greatly on what needs to be done.  This lack of consensus indicates that something may be wrong with our assumptions and our approach.   A disturbing lack progress being […]

Is there a problem with our understanding of the terms IT, OT and ICS when seeking to protect critical infrastructure?

I remember participating in a work group composed of national representatives tasked with coming up with norms for confidence and security building measures (CSBM) for states to follow in cyberspace.  This was quite exciting to be a part of at first, but the discussions slowed down when a representative of a cyber-superpower raised the issue of […]

Perhaps one step backward in building CIP capacity?

“The definition of insanity is doing the same thing over and over again and expecting a different result                                                                                                – Attributed to A. Einstein A recent post titled “Regarding (AA20-049A) Ransomware Impacting Pipeline Operations”   on SCADASEC pointed out the FUD promoting aspects of an alert published by  The Cybersecurity and Infrastructure Security Agency (CISA) at […]