Raising the awareness for a cybersecurity practitioner about the vulnerabilities of IT and Industrial Control Systems to today’s threats emanating from cyberspace can sometimes resemble the hopeless task of Sisyphus(1). The practitioner has the knowledge but it is not an easy thing to convey the concerns to higher management that may not be as technically […]
Category: Critical Infrastructure
Seeking to Develop Exercises That Test Response Capabilities to Any Threat & Add Value
Conducting an exercise can be a very useful tool for testing policies, procedures and actions of institutions for dealing with a perceived threat scenario. It offers the advantage of providing an idea of what would really happen if the worst was to happen without doing any real damage. It can provide answers to questions without […]
Smart Technology That Isn’t So…”Smart”
During the week of July 17th, I attended and spoke at the “Business Opportunities Gateway Forum – Electrical Power and Energy” which was held in Vilnius and organized by the Society of Electrical and Electronic Engineers in Israel. I looked forward to this event for the opportunity to spend some time with engineers and talk […]
Complexity or Not?
At Digital Bond’s website, Mike Toecker makes a case for complex control systems in that complexity often brings efficiency and performance with it. While efficiency and performance are certainly noble goals, they’re not the only ones. If you’re in Critical Infrastructure, there is another goal that gets a higher priority than either of these two […]
To Analog…or Not to Analog…THAT is the Question…
NOTE: At the end of this article is a URL link for a voluntary survey. Recently, there was news of a new Senate bill to develop a pilot program for the Energy Sector. Dubbed the “Securing Energy Infrastructure Act of 2016” (S. 3018), this bill is to provide for the establishment of a pilot program […]
Why ISA-99/IEC 62443 is in Trouble
Before I reveal this e-mail I sent to the ISA-99 list, one should understand the discussion leading up to my rant. The ISA-99 list had been trying to frame its discussion in terms of existing security standards. In my opinion, they’re making an enormous mistake. Industrial control system security should not be pigeonholed in to […]
Why the NY Dam Incident Really Did Not Matter
Ray Park from the SCADASEC mailing list made this comment on 5-Apr-2016: Dams, other than major hydroelectric dams, are not a good target for hack attack. With most flood control and water reservoir dams, the only real control is the floodgates. We considered how to use that and the only thing we could come up […]
2016 Spring Flooding and Potential Impacts
The U.S. Department of Homeland Security, National Protection and Programs Directorate, Office of Cyber and Infrastructure Analysis (OCIA) provided an overview of the National Oceanic and Atmospheric Administration (NOAA) 2016 Spring Flooding Outlook and examines the potential impacts to U.S. critical infrastructure. This product is an update to the April 21, 2015, OCIA Spring Flooding […]
Iranian Hacker Used Google To Hack N.Y. Dam Computer
I have a bit of background I learned from primary sources with direct knowledge of the situation. First, this dam was not a life safety issue. It was for storm water management. The sluice gate was supposedly out of service at the time. However, even it had been in service, it could have gone up […]