The Institute for Homeland Security at Sam Houston State University published my paper – “The Need for Interdisciplinary Programs for Control System Cybersecurity”. The paper can be found at Weiss.2025-1018. Operational Technology (OT) / Control Systems support the critical infrastructures of electric power in traditional and renewable energy systems, water, oil/gas, chemicals, manufacturing, pipelines, rail, […]
Category: General Topic
June ICS/SCADA Cybersecurity Symposium to address real CONTROL SYSTEM cyber incidents
In preparation for the June 3-4 ICS/SCADA Cybersecurity Symposium in Chicago, I continue to be aware of CONTROL SYSTEM cyber incidents. There were no discussions of control system cyber incidents at RSA, though there were many discussions of network-related cyber events. I was recently contacted by someone trying to find public OT cyber incidents leading […]
June ICS/SCADA Cybersecurity Symposium to address unique control system cyber security issues
June 3-4, I will be participating in the ICS/SCADA Cybersecurity Symposium in Chicago. My two sessions will address important control system-unique issues not being addressed elsewhere. June 3rd, I will be moderating a first-of-a-kind session bringing together a control system engineer and an OT network cybersecurity researcher to explore the cultural and operational divide between […]
CISA “cyber hygiene” guidance for OT?
CISA, the organisation that was created from the retired ICS-CERT and US-CERT, came out with “Primary Mitigations to Reduce Cyber Threats to Operational Technology.[1]” In total there are 5 recommended mitigations that are quite peculiar if one remembers it has been 15 years since the announcement of the STUXNET operation. Let us look at each […]
The RSA Cybersecurity Conference is not relevant to control systems- what’s missing is in plain sight
Control system field devices have no cyber security, authentication, or cyber forensics. These devices were orphaned from cybersecurity programs as OT networks became the focus of cybersecurity programs and the RSA Cybersecurity Conference. At RSA, there were numerous discussions about network cybersecurity threats from Russia, China, and Iran, as well as on the latest APTs. […]
New IACS/OT oriented and evidence-based effort underway for improving incident management
Since leaving full-time employment in 2022, I am aware that I am fading from the ICS security scene. As a way to remain useful for a while longer, I have tried to fill the gap by collaborating with the ISA 99 Committee. Most recently I co-chaired one of the newly created workgroups dedicated to […]
OT and Engineering are not the same and are creating dangerous conditions
A recent job solicitation from a medium-size water utility seeking engineers included knowledge of associated industrial communications and networking equipment. However, the engineers were not responsible for cybersecurity of those networks and there was no mention of the term OT nor any consideration of working with the network security organization. Another recent job solicitation […]
Zones, Conduits, and What They Mean
Concepts: Have you ever been in a meeting where everyone says the same words but you later discover that they were thinking different things? That’s what concerns me about the concept of Zones and Conduits. Security people hear the concept and they think it is related to the Purdue Enterprise Reference Architecture[1] (the so-called “Purdue […]
Critical infrastructures cannot be secured because network security and engineering won’t work together
There continues to be a gap between the engineering organizations in end-users and control system suppliers responsible for reliability, functionality, and safety on the one hand, and the network security organizations responsible for network security on the other. Control systems are neither just engineering nor network security but a combination of both: modern networking technologies […]
Industrial Cybersecurity “Gatekeeping”
Many in IT, perhaps having been disenchanted with what should be exciting and interesting work, have noticed the scene in OT and may be thinking of making the leap from IT to OT. Speaking as an engineer of control systems, we’re happy to have you. But we do have some concerns. Yes, the pictures you […]