Getting Into OT

With all the public emphasis on infrastructure, many are asking how to “break into” Operational Technology (OT). It isn’t hard. But there are a few caveats. This blog is my experience and perceptions. There are others, so don’t take what I say as the only reality. There is a widespread perception that field work in […]

IEEE Computer article on identifying control system cyber incidents

The article “There Is No Chilling When Your Control System Cybersecurity Is Unfulfilling” is in the December 2023 issue of IEEE Computer magazine. The article discusses the importance of identifying control system incidents as being cyber-related as the identification is the starting point for cyber incident response programs. The example in the article is the shutdown of […]

Why is CISA not addressing the PLCs in the Unitronics PLC attack?

The Unitronics PLC hack is an Iranian IRGC supply chain attack against multiple US critical infrastructures on US soil (it has also affected international users) targeting the Israeli-made Unitronics PLCs through its customers. The CISA response has been less than satisfactory as this was an attack against the PLCs whereas CISA’s recommendations only addressed IT […]

Forecasting where a hacker will go once inside an OT network

Work is ongoing in identifying cyber threats, and vulnerabilities, and locating hacker penetration in electric utility and other OT networks. However, existing technologies including IDS, IPS, SIEM, and SOAR can’t predict the future movement of a cyber intrusion that has successfully breached the OT network. Under US Air Force and DOE contracts, GCAS and its […]

Is A.I. the ultimate solution for protecting critical infrastructure from sophisticated cyber-attacks?

Kirk: “Machine over man, Spock, it was impressive, it might even be practical”; Spock: “But not desirable, computers make excellent and efficient servants, but I have no wish to serve under them,” -From Star Trek TOS episode “The Ultimate Computer”. One of the episodes from the 1960’s TV  series Star Trek was called “The Ultimate […]

ISA MLM-38A “Identifying Control System Cyber Incidents” has been issued

[UPDATED 21-Oct-2023] ISA99 has approved the peer-reviewed Micro Learning Module (MLM) 38A – “Identifying Control System Cyber Incidents”. Those wishing to see the MLM should send their request to ISA99Chair@gmail.com. It is not possible to have an effective OT/ICS cyber security program if you can’t identify control system incidents as being cyber-related. Yet, OT cyber security is […]

Recent control system cyber cases can impact safe facility operation

IP network hacks and ransomware may not be able to be stopped. That includes cyberattacks against control system vendors who offer “cyber secure systems” and cyber security services. Control system vendors provide systems globally including to China, and some also have design and manufacturing facilities in China. The Johnson Controls and Bently-Nevada cases are not […]

CS2AI podcast on control system cyber security

I did a podcast for CS2AI on control system cyber security. The podcast was to educate people that control systems are composed of process sensors, actuators, drives, controllers, HMIs, networks, and network devices because OT cyber security practitioners have limited the discussion to HMIs, OT networks, and OT network devices. The podcast also discussed the […]

Is the U.S. Government’s Cyber Informed Engineering Implementation Guide the long-awaited breakthrough in CIP?

USCG Icebreaker opening path through the ice* This past year has been disappointing for governments and institutions issuing documents on critical infrastructure protection.  The European Union has issued a draft of the Cyber Resilience Act[1] and NIS2 Directive[2].   Across the Atlantic the U.S. has after a series of high-profile cyber incidents on its infrastructure (Colonial […]