Jim Lewis is a Sr VP at the Center for Strategic and International Studies (CSIS). He wrote the article “Dismissing Cyber Catastrophe” dated August 17, 2020 – https://www.csis.org/analysis/dismissing-cyber-catastrophe?utm_source=CSIS+All&utm_campaign=e4d5b3e04c-EMAIL_CAMPAIGN_2018_11_08_05_05_COPY_01&utm_medium=email&utm_term=0_f326fc46b6-e4d5b3e04c-221758737 . In ‘Dismissing Cyber Catastrophe,’ Jim argues that concerns about industrial cyber security are overblown and the risk is exaggerated. Because the view that ‘cyber catastrophes’ are […]
Category: Policy
CISA Alert AA20-205A addressed OT networks but did not address control systems
IT and OT networks are under continuing attacks with varying degrees of impacts. When the DHS CISA Alert was issued specifically identifying control systems, I had two questions: why now and what happened that was unique to control systems? For control system cyber security what is most important are the physical impacts from the control […]
Perhaps we are missing a lesson from Stuxnet?
This summer some of us noted the 10th anniversary of the discovery of Stuxnet. That is when it became known to the public. Since 2010 we have learned that earlier forms of Stuxnet were being developed and tested on the target several years earlier.[1] To commemorate this anniversary several articles and presentations have been published. […]
Perhaps one step backward in building CIP capacity?
“The definition of insanity is doing the same thing over and over again and expecting a different result – Attributed to A. Einstein A recent post titled “Regarding (AA20-049A) Ransomware Impacting Pipeline Operations” on SCADASEC pointed out the FUD promoting aspects of an alert published by The Cybersecurity and Infrastructure Security Agency (CISA) at […]
Targeting Control and Safety Instrumented Systems (SIS): new escalation of cyber threats to critical [energy] infrastructure
“It is no use saying, ‘We are doing our best.’ You have got to succeed in doing what is necessary.” – Winston Churchill Introduction Industrial Control and Safety systems play an important part in insuring that the physical processes taking place in a manufacturing plant, power generation facility or other segment of critical infrastructure do […]
Computer Science programs may fall short in contributing to critical infrastructure protection
“There’s a great future in plastics. Think about it. Will you think about it?” – Advice given to a young man in the 1967 Film, “The Graduate” (1) In the 1967 film, “The Graduate” an older man gives insider advice to a young person struggling to decide on a future career. I was in […]
Attribution: An impossible/inconvenient task or a way to get an APT off one’s back?
“Pay no attention to that man behind the curtain!” – From the film Wizard of Oz, 1939 Recently on the SCADASEC list there have been discussions of reports of cyber attacks on the critical infrastructures of other states with the naming of the state that is responsible. Some say attribution of responsibility is far less […]
Towards a Cyber Safe Critical Infrastructure: Answering the 3 questions*
What are the main challenges in implementing cyber security policies? There are several challenges in developing and most importantly, in implementing cyber security policies. However most successful efforts will be judged according to the way the following 3 important questions are answered: 1. What to protect? 2. From what cyber threats? 3. How, considering that […]
ICS cybersecurity at the crossroads: heading toward cyber peace or towards a “duty to hack”?
The year is ending and there have been several unsettling events in cyberspace this past year to reflect upon. They all seemed to have come together for me this past week as I completed my speaking engagements in Vilnius and in Garmische-Partenkirchen. The first conference was in Vilnius with the title “Baltic Energy Summit 2017 […]
Is Society Too Trusting?
I wanted to share an interesting observation from this past weekend. Though this does not relate to SCADA/ICS, it does demonstrate just how trusting people are. This past Friday, I had tagged along with my wife as we went to Wal-Mart for our weekly shopping. Following the general shopping, she wanted to go and check […]