IEEE Computer article on identifying control system cyber incidents

The article “There Is No Chilling When Your Control System Cybersecurity Is Unfulfilling” is in the December 2023 issue of IEEE Computer magazine. The article discusses the importance of identifying control system incidents as being cyber-related as the identification is the starting point for cyber incident response programs. The example in the article is the shutdown of […]

Why is CISA not addressing the PLCs in the Unitronics PLC attack?

The Unitronics PLC hack is an Iranian IRGC supply chain attack against multiple US critical infrastructures on US soil (it has also affected international users) targeting the Israeli-made Unitronics PLCs through its customers. The CISA response has been less than satisfactory as this was an attack against the PLCs whereas CISA’s recommendations only addressed IT […]

Iran hacks US water system: Observation and implications of a terrorist attack on US soil

November 25, 2023, the Municipal Water Authority of Aliquippa, PA had one of its booster stations hacked by an Iranian-backed cyber group – CyberAv3ngers. The booster station monitors and regulates pressure for customers within the City of Aliquippa and portions of two neighboring Townships. An alarm went off as soon as the hack had occurred […]

Forecasting where a hacker will go once inside an OT network

Work is ongoing in identifying cyber threats, and vulnerabilities, and locating hacker penetration in electric utility and other OT networks. However, existing technologies including IDS, IPS, SIEM, and SOAR can’t predict the future movement of a cyber intrusion that has successfully breached the OT network. Under US Air Force and DOE contracts, GCAS and its […]

ISA MLM-38A “Identifying Control System Cyber Incidents” has been issued

[UPDATED 21-Oct-2023] ISA99 has approved the peer-reviewed Micro Learning Module (MLM) 38A – “Identifying Control System Cyber Incidents”. Those wishing to see the MLM should send their request to ISA99Chair@gmail.com. It is not possible to have an effective OT/ICS cyber security program if you can’t identify control system incidents as being cyber-related. Yet, OT cyber security is […]

Recent control system cyber cases can impact safe facility operation

IP network hacks and ransomware may not be able to be stopped. That includes cyberattacks against control system vendors who offer “cyber secure systems” and cyber security services. Control system vendors provide systems globally including to China, and some also have design and manufacturing facilities in China. The Johnson Controls and Bently-Nevada cases are not […]

The European Union moves to regulate its digital economy by proposing cybersecurity requirements – is the CRA a bridge too far?

“In other words, there is no resilience in this particular material when it is at a temperature of 32 degrees. I believe that has some significance for our problem.” – Professor Richard Feynman commenting during the 1986 Challenger Commission hearings. The Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on horizontal […]

Hacking insecure process sensor systems may have affected the Chernobyl nuclear plant site

I am an engineer not a threat analyst. I can tell you what can happen to control systems from cyber vulnerabilities; I cannot tell you why someone would or would not want to exploit these vulnerabilities. My concerns are from a safety perspective as process sensors are used globally to monitor environmental conditions around industrial […]

A Tale of Two Cities water attacks – Oldsmar and Discovery Bay

There have been more than 130 control system cyber incidents in water/wastewater utilities. Like Oldsmar and Discovery Bay, most of these incidents have occurred in small water utilities. Many of these incidents were not publicly disclosed, nor were the utilities required to disclose these incidents. When the Oldsmar water “hack” was publicized, a water system […]

Critical infrastructures cannot be secured when process sensors are not secure

If you can’t trust what you measure, there is no cyber security, resiliency, process safety, productivity, or predictive maintenance in any critical infrastructure or cyber-physical system. Process sensors have no cyber security or authentication yet use remote access extensively as documented in the process sensor vendors’ specifications. ISA and NIST have identified there is no cyber […]