Targeting Control and Safety Instrumented Systems (SIS): new escalation of cyber threats to critical [energy] infrastructure

“It is no use saying, ‘We are doing our best.’ You have got to succeed in doing what is necessary.” – Winston Churchill

Introduction

Industrial Control and Safety systems play an important part in ensuring that the physical processes taking place in a manufacturing plant, power generation facility or other segment of critical infrastructure do […]

What was that Purdue Model stuff, anyway?

The Purdue Enterprise Reference Architecture (commonly known as the Purdue Model) for control systems is old. People have forgotten what it originally was about. When it was first introduced, the big concern behind the Purdue Model was keeping computing and networks deterministic so that they wouldn’t fault. Toward that end, it introduced network segmentation as […]

Complex control systems used by ships at sea are subject to the same kinds of accidents and challenges.

“This is where you talk about fleets coming to a stop. Our ships are floating SCADA systems” – Capt. Mark Hagerott (ret.), Deputy director of cybersecurity for the U.S.N. Academy (1)

Many years ago I had the good fortune to have two good friends who both owned wooden (African Mahogany) sailing boats. One was a […]

Security Breach Detection

When I see most OT staff discuss ICS security, they usually begin with some networking gewgaws and tweaks. This sort of stuff is interesting the first few times going through this exercise. However, it doesn’t take long to realize that network security alone is a multi-headed hydra of a problem. The more we try and […]

Assigning Responsibility for ICS Security

Once the pain of a risk assessment is over, a few managers look at each other and decide on what changes they would like to make. Usually an IT expert comes in to install new network security hardware or someone is tasked with revising documentation; but rarely does anyone tinker with assigning responsibility. Nobody wants […]