IEEE paper on process sensor monitoring – what you need to know about process sensor cyber security

The article, “Using Machine Learning to Work Around the Operational and Cybersecurity Limitations of Legacy Process Sensors” is now available in the November issue of IEEE Computer: The paper provides a case study providing detailed quantitative results of the unseen deficiencies in many process sensors. October 25th, Dale Peterson issued a blog “the Weissian Level […]

Applying IP network guidance has harmed control system field devices and legacy control systems

I continue to be very concerned that both private sector and public sector policy-making organizations (square peg) simply don’t have the control system cyber security technical depth to be making decisions about cybersecurity of control systems (round hole). There have been many documented cases where applying IP network mitigations has caused very significant problems to […]

Many OT cyber security experts don’t understand the systems they are trying to secure – the square peg in the round hole

There is an old saying about not forcing a square peg into a round hole. The square peg is IT and OT network security. The round hole is the insecure ICS field device. On September 8, 2022, RSA held the RSAC 365 Virtual Seminar & Innovation Showcase: OT & ICS Security. The session was focused on […]

Critical infrastructures cannot be secure when critical equipment isn’t

August 25, 2022, I received a call from an insurance specialty insurer who had received an Operational Technology (OT) Supplemental Application from a global control system supplier to the aerospace industry, industrial operations, and the US Department of Defense. I am personally aware of at least some of the company’s products because of their use […]

Windows-based HMIs are too slow for monitoring process sensors or plant equipment anomalies

Process sensors are the input for predictive maintenance, digital transformation, Industry4.0, smart manufacturing, smart grid, etc. The majority of OT networks use Windows-based HMIs even though Windows was not designed to be an engineering data acquisition tool. In a recent plant test, the Windows-based HMI was not effective and, in fact, provided misleading information on […]

Utility/DOE data indicates sophisticated hackers have compromised US electric control centers

This is the utilities’ data and DOE analyzed it… and it was still missed DOE’s Form OE-417 collects information from the US utilities on electric incidents and emergencies. The OE-417 data covers the time span from 2000 through the end of February 2022 and so does not include any incidents since the start of the […]

The survey results of the 2022 DNV energy cyber security report are grossly misleading

DNV published The Cyber Priority report, “The State of Cyber Security in the Energy Sector”. I believe the oil, gas, and chemical (not electric) industries are leading most industries addressing control system cyber security. The report states the research draws on a survey of 948 energy professionals and a series of in-depth interviews with industry […]

Critical infrastructure cyber security is broken – process sensors continue to be ignored

While no one would argue that network security isn’t important, it’s also important that the basic process sensor data that cross the OT network not be overlooked. Process sensors are necessary input for reliability, availability, safety, predictive maintenance, product quality, and cyber security. Yet process sensors have no cyber security and are connected to the […]