To be honest I was planning to write about unintentional cyber incidents in critical infrastructure and the need to pull away some of our attention from the sexy topic of cyber-attacks and cyber kill-chains. I changed my mind when I read Dale Peterson’s informative article on “Awareness Of Purdue Level 0 and 1 (In)Security” and […]
The 2021 SANS ICS Cyber Security Conference was held March 4-5, 2021 with almost 9,000 registrants globally. The Conference thoroughly addressed OT networking issues. However, cyber security issues associated with Level 0,1 devices were not as adequately understood and addressed. There was also almost no discussion of the hardware backdoors in the Chinese-made transformers. My […]
Recent Texas power outages and the loss of both electricity and water across Texas demonstrate how vulnerable ERCOT and Texas are to not only natural disasters such as snowstorms and hurricanes but also manmade and malicious activities. More than that, it also demonstrates the vulnerability of the entire U.S. Energy grid. The good news is […]
URL: https://www.controlglobal.com/blogs/unfettered/dont-overlook-the-most-consequential-control-system-cyber-events-of-2020/ Two of the most consequential control system cyber events (attacks) in 2020 were supply chain attacks. The first event was the Chinese installing hardware backdoors in large electric transformers, an incident that prompted Presidential Executive Order (EO) 13920. The hardware backdoors are obvious control system threats. The second event was the Russian SolarWinds […]
Have been following the discussions on industrial cybersecurity, convergence, network vs device security, and IT vs OT vs ICS[2]. Some of the points of view differ greatly on what needs to be done. This lack of consensus indicates that something may be wrong with our assumptions and our approach. A disturbing lack progress being […]
Several years ago I was doing a control system cyber risk assessment for a regional transit agency. The most significant safety issue was the Liquified Natural Gas (LNG) transit bus refueling facility. The LNG facility was on the transit agency property and was for use for the LNG-powered transit buses and other LNG-powered agency vehicles. […]
After 5 years of research and hard work, Project SCIDMARK†1 is online. Announced back in October 2015 at the ICS Conference in Atlanta, GA, we feel that the current product is ready for use. As we have several thousand cyber-related events and incidents, the initial christening of the product will have only 11. This is […]
Jim Lewis is a Sr VP at the Center for Strategic and International Studies (CSIS). He wrote the article “Dismissing Cyber Catastrophe” dated August 17, 2020 – https://www.csis.org/analysis/dismissing-cyber-catastrophe?utm_source=CSIS+All&utm_campaign=e4d5b3e04c-EMAIL_CAMPAIGN_2018_11_08_05_05_COPY_01&utm_medium=email&utm_term=0_f326fc46b6-e4d5b3e04c-221758737 . In ‘Dismissing Cyber Catastrophe,’ Jim argues that concerns about industrial cyber security are overblown and the risk is exaggerated. Because the view that ‘cyber catastrophes’ are […]
IT and OT networks are under continuing attacks with varying degrees of impacts. When the DHS CISA Alert was issued specifically identifying control systems, I had two questions: why now and what happened that was unique to control systems? For control system cyber security what is most important are the physical impacts from the control […]
This summer some of us noted the 10th anniversary of the discovery of Stuxnet. That is when it became known to the public. Since 2010 we have learned that earlier forms of Stuxnet were being developed and tested on the target several years earlier.[1] To commemorate this anniversary several articles and presentations have been published. […]
