The 2024 RSA Cyber Security Conference – what wasn’t addressed can hurt you

Critical infrastructure cyber security took a prominent position at the RSA Cyber Security Conference with the issuance of NSM22. NSM22 states: “It is diverse and complex, and includes distributed networks, varied organizational structures, operating models, interdependent systems, and governance constructs.” There was no mention of hardware. Yet the critical infrastructure is dependent on hardware – […]

Could the Dali container ship incident have been a control system cyberattack – YES!

The impacts of control system incidents are obvious, but their causes are usually less clear, especially when they might be cyber-related. However, control system cyber incidents have impacted the behavior and operation of ships as well as other critical infrastructures. GPS hacks have altered ships’ positions and displays. Some Chinese critical infrastructure such as port […]

Exploiting remote access – the ultimate living off the land attack

Remote access to control systems is necessary for equipment reliability and availability. Securing remote access is a very tough problem because it is a double-edged sword providing needed reliability improvement and a potential vehicle for Living-off-the-Land attacks. Cyber security technologies exist to secure remote access from external intruders. However, cyber security programs are not adequately […]

The US electric industry is not responding to cyber-vulnerable Chinese equipment

The electric grid is interconnected. The interconnectivity goes not only between utilities but also between facilities connected to the grid. The Chinese (and other threat actors) are exploiting this cyber security gap. Chinese transformers, cranes, inverters, process sensors, etc. are comparably well-made and inexpensive leading to their continued use in US critical infrastructures. Many of […]

False process sensor data can be catastrophic, but are not adequately addressed

The impetus for this blog was twofold: first, a Concordia University study dated January 24, 2024, which concluded that tampering with the electric system sensors could cause grid fluctuations, and second, my meeting with the engineer who scientifically documented that the radiation monitoring system outside the Chernobyl nuclear plant was compromised with false data. The […]

IEEE Computer article on identifying control system cyber incidents

The article “There Is No Chilling When Your Control System Cybersecurity Is Unfulfilling” is in the December 2023 issue of IEEE Computer magazine. The article discusses the importance of identifying control system incidents as being cyber-related as the identification is the starting point for cyber incident response programs. The example in the article is the shutdown of […]

Why is CISA not addressing the PLCs in the Unitronics PLC attack?

The Unitronics PLC hack is an Iranian IRGC supply chain attack against multiple US critical infrastructures on US soil (it has also affected international users) targeting the Israeli-made Unitronics PLCs through its customers. The CISA response has been less than satisfactory as this was an attack against the PLCs whereas CISA’s recommendations only addressed IT […]

Iran hacks US water system: Observation and implications of a terrorist attack on US soil

November 25, 2023, the Municipal Water Authority of Aliquippa, PA had one of its booster stations hacked by an Iranian-backed cyber group – CyberAv3ngers. The booster station monitors and regulates pressure for customers within the City of Aliquippa and portions of two neighboring Townships. An alarm went off as soon as the hack had occurred […]

Forecasting where a hacker will go once inside an OT network

Work is ongoing in identifying cyber threats, and vulnerabilities, and locating hacker penetration in electric utility and other OT networks. However, existing technologies including IDS, IPS, SIEM, and SOAR can’t predict the future movement of a cyber intrusion that has successfully breached the OT network. Under US Air Force and DOE contracts, GCAS and its […]

ISA MLM-38A “Identifying Control System Cyber Incidents” has been issued

[UPDATED 21-Oct-2023] ISA99 has approved the peer-reviewed Micro Learning Module (MLM) 38A – “Identifying Control System Cyber Incidents”. Those wishing to see the MLM should send their request to ISA99Chair@gmail.com. It is not possible to have an effective OT/ICS cyber security program if you can’t identify control system incidents as being cyber-related. Yet, OT cyber security is […]