NERC publishes Lessons Learned documents to provide industry participants with technical and understandable information that helps them maintain the reliability of the bulk electric system. NERC has a history of not identifying control system incidents as being cyber-related. NERC issued two Lessons Learned documents in 2025: “Loss of Monitoring and Control Due to a Communication […]
Category: Critical Infrastructure
Misguided response to the Norwegian Dam and Oldsmar “cyberattacks”
Not all control system cyber incidents are malicious cyberattacks. They can be accidents or errors, too. In their haste to find OT cyberattacks, the OT cybersecurity community, including regulators, continue to jump to conclusions about what are OT cyberattacks while at the same time ignoring incidents that don’t look like cyber incidents they are used […]
Sam Houston State University paper – “The Need for Interdisciplinary Programs for Control System Cybersecurity”
The Institute for Homeland Security at Sam Houston State University published my paper – “The Need for Interdisciplinary Programs for Control System Cybersecurity”. The paper can be found at Weiss.2025-1018. Operational Technology (OT) / Control Systems support the critical infrastructures of electric power in traditional and renewable energy systems, water, oil/gas, chemicals, manufacturing, pipelines, rail, […]
Government officials need to recognize the importance of control system cybersecurity
My colleague, Vytautas Butrimas, is retiring after a long and distinguished career. I am writing this blog both in admiration for Vytautas’s work but also to demonstrate that government leaders like Vytautas and former US Congressman James Langevin, neither of whom is an engineer, can become leaders in supporting the need for control system, not […]
Control System Cyber Incidents: The Hidden Threat to Grid Stability
Control system cyber incidents, particularly those originating from even a single compromised or malfunctioning sensor system, can impact vast portions of the electric grid (or other critical infrastructures). Despite decades of lessons and warning signs, meaningful progress in securing power grid (and other critical infrastructure) control systems remains elusive. This failure stems from foundational misunderstandings […]
Could the Spanish outage occur here
Mike Swearingen and I did a webinar for the IEEE Consultants Network on the Spanish Outage and associated grid issues. The webinar can be found at https://www.youtube.com/watch?v=4wnk8hZEzuw. As the final results of the Spanish outage are not finalized, our discussions were based on our experience. The initial discussions were on two questions: could the Spanish […]
2025 IEEE Power & Energy Society Summit: “Achieving a more reliable and resilient energy future”
attended the IEEE Reliability and Resilience Summit May 19-21, 2025, in San Jose, CA. There were more than 300 attendees from more than 150 organizations. The program can be found at 2025 IEEE Power & Energy Society Summit – IEEE Power & Energy Society.The key takeaways were: This was an engineering conference with the attendees […]
June ICS/SCADA Cybersecurity Symposium to address real CONTROL SYSTEM cyber incidents
In preparation for the June 3-4 ICS/SCADA Cybersecurity Symposium in Chicago, I continue to be aware of CONTROL SYSTEM cyber incidents. There were no discussions of control system cyber incidents at RSA, though there were many discussions of network-related cyber events. I was recently contacted by someone trying to find public OT cyber incidents leading […]
June ICS/SCADA Cybersecurity Symposium to address unique control system cyber security issues
June 3-4, I will be participating in the ICS/SCADA Cybersecurity Symposium in Chicago. My two sessions will address important control system-unique issues not being addressed elsewhere. June 3rd, I will be moderating a first-of-a-kind session bringing together a control system engineer and an OT network cybersecurity researcher to explore the cultural and operational divide between […]
T&D World article on Battery Energy Storage Systems (BESS) cyber issues
Networked Battery Energy Storage Systems (BESS) introduce cyber and physical vulnerabilities, and not enough attention is paid to training, design and operation. As a follow-up to my February 14, 2025 Unfettered blog, “Cyber vulnerable battery systems are catching fire and communicate directly to China”, T&D World published the update “How Vulnerable to Cyber Attacks are […]