On April 1, 2026, Dr. Darrell Eilts, CIO of the Sewage and Water Board of New Orleans, and I will be guests on the Grid Podcast. This discussion will not focus on IT/OT convergence. Instead, we will address a more fundamental issue: the need for true collaboration between engineering and network security. Network impacts are […]
Category: Policy
The OT cybersecurity community continues to ignore control system cyber incidents – a governance failure masquerading as a vocabulary issue
Network cybersecurity (IT and OT) and control system organizations have fundamentally different objectives and criteria when it comes to identifying and addressing cyber incidents. The Verizon Data Breach report, the Dragos 2025 Report, and the OT I Impact Score are typical of OT cyber incident reporting that equate data breaches and ransomware with cyber incidents. […]
Control system cyber incidents and network breaches are “apples and oranges”
Network cybersecurity (IT and OT) and control system organizations have fundamentally different objectives and criteria when it comes to identifying cyber incidents. The Verizon Data Breach report is typical of reporting organizations that equate cyber incidents to data breaches. Control system cyber incidents include field device communication issues, automation malfunctions, loss-of-view, loss-of-control, and are not […]
Why do cybersecurity organizations refuse to identify control system cyber incidents
Cybersecurity policies require that cyber incidents be identified as such. Cyber incident response plans are then initiated after incidents are identified as being cyber-related. To meet those goals, training is required to be able to identify control system incidents as being cyber-related and a mechanism to disseminate this information on control system cyber incidents throughout […]
The need for appropriate Purdue Reference Model Level 0 cybersecurity training
I expected by now there would be commercial and government organizations addressing the unique cybersecurity issues at Level 0. They are not. This disconnect highlights a fundamental problem: much of today’s OT cybersecurity training assumes a security posture at Level 0 that simply does not exist. That is, just because Level 0 devices are not […]
The Unaddressed Cyber Frontier: Level 0 Sensor Measurement Integrity
I was asked by Anna Ribiero from the Industrial Cyber Newsletter about the cybersecurity of Purdue Reference Model Level 0 control system field devices (process sensors, actuators, etc.). Level 0 devices are the 100% trusted input in all sectors. Yet Level 0 devices have no cybersecurity, authentication, cyber forensics, nor appropriate cybersecurity training. If you […]
What have we learned since Stuxnet – when it comes to control system cyber security not much
For SCADASec Fifteen years ago, I wrote the blog – “Malicious vs unintentional cyber incidents – why it is necessary to include unintentional incidents” This blog was written weeks before Stuxnet and its impact on control systems and centrifuge damage were made public. Stuxnet demonstrated that cyberattacks could be made to look like equipment malfunctions […]
NERC Sensors
The fallacy that the electric grid is cybersecure by meeting the NERC CIPs is finally being exposed. Situational awareness is based on process sensor input that is incorrectly assumed to be uncompromised, authenticated, and correct. Because process sensors use non-routable protocols, they have not been considered to be NERC Cyber Assets. Depending on the situation, […]
Network tabletop exercises don’t include engineering and plant operations
If engineering and operations are left out of cybersecurity training and exercises, it’s no surprise that they’d also tend to be overlooked during the pressure of an actual incident. The complexity in manufacturing and industrial control systems is not understood by network security. Simply restarting IT and OT networks from a “golden backup” is not […]
What are the unlearned lessons from Stuxnet
July 22, 2025 the US House Committee on Homeland Security held a hearing, “Fully Operational Stuxnet 15 Years Later & the Evolution of Cyber Threats to Critical Infrastructure”. Stuxnet was not an attack on the networks. Rather, Stuxnet was a stealth attack that damaged physical infrastructures by manipulating physics. Stuxnet used networks as a conduit […]