September 13, 2021, I submitted my response to the FERC Complaint EL21-99-000 on the use of Chinese-made equipment for critical equipment used in the US grid. The equipment identified can be used in many other critical infrastructures such as water/wastewater, pipelines, oil/gas, and manufacturing. – https://www.controlglobal.com/blogs/unfettered/formal-response-to-ferc-complaint-el21-99-000-on-chinese-equipment-in-the-us-grid
Category: Critical Infrastructure
Do the Chinese “own” our electric grids and other infrastructures?
The national focus on cyber security has been on data breaches including ransomware which is what precipitated the August 25, 2021, White House Cyber security meeting. For IT networks, the focus on data breaches is sufficient. However, the real concern for critical infrastructures is not data breach but equipment damage that can cause very extended […]
World Federation of Scientists (WFS) Permanent Monitoring Panel – Mitigation of Catastrophic Risk
August 24th, 2021, I will be on an Engineering Infrastructure Resilience Panel discussing Cyber-Physical Security of Critical Infrastructures – Catastrophic Risks and Mitigation Strategies. Panelists will include Walter Grayman, Ali Mosleh from UCLA, Shaikha Al-Sanad from the Kuwait Institute for Scientific Research, Andrew Ohrt from West Yost, John Organek from the EIS Council, and myself. […]
US critical infrastructure cyber security is backwards – it’s the process that counts not the data
With the never-ending, and too often successful, attacks on critical infrastructure networks, there needs to be a better way to protect control systems and the processes they monitor and control. The fallacy about critical infrastructure cybersecurity is that the Internet Protocol (IP) networks are needed to keep lights on, water flowing, etc. July 28, 2021, […]
Results from ThreatConnect webinar on mitigating risks in critical infrastructures and on-going actual risks
July 21, 2021, I participated in a live webinar discussion, hosted by ThreatConnect’s Dan Verton, on mitigating risk in critical infrastructures with Bob Kolasky from DHS CISA and Tim Grieveson from Aveva. The webinar link can be found at ThreatConnect Podcast Ep. 21: Mitigating Cyber Risk in Critical Infrastructures I met Dan in 2001 when […]
ThreatConnect July 21, 2021 webinar on mitigating risks in critical infrastructures
July 21, 2021 from 1-2pm EDT, I will be participating in a live webinar discussion on mitigating risk in critical infrastructures with Bob Kolasky from DHS CISA and Tim Grieveson from Aveva. The link can be found at https://threatconnect.com/mitigating-cyber-risk-in-critical-infrastructure/.
Sensor monitoring technology can make critical infrastructures less attractive targets for ransomware
Ransomware and other IT-originated cyberattacks can affect control systems when IT networks are connected to OT networks or insecure IOT devices are connected to OT networks. Off-line sensor monitoring technology doesn’t stop a ransomware attack, rather the technology is oblivious to the ransomware or IT attack. The off-line process sensor monitoring can provide real time […]
It may not be possible to recognize a “Cyber Pearl Harbor” as a cyber event
Ransomware attacks will continue to occur as they are so profitable. Unlike control system cyberattacks, network cyberattacks are short-lived as they do not damage critical hardware which is why network cyberattacks are not a “Cyber Pearl Harbor”. Yet that is the government and industry’s focus. For control systems, it is the opposite. When a control […]
July 1st Air Force Cyber College Control System Cyber Security Seminar
July 1, 2021 from 1:00-2:00PM CDT, I will be presenting “Beyond Ransomware – Cyber Security is More than IT” to the US Air Force Cyber College. With the spate of public disclosures about ransomware incidents, why are the Chinese transformer case, SolarWinds impacts on control systems, and other actual control system incidents not being discussed? It […]