July 17, 2024, I gave a presentation to the Military Operations Research Society (MORS) on “Issues with Identifying Control System Cyber Incidents.” Government and industry organizations tend to under-report, and under-share control system cyber incidents. Identifying control system cyber incidents is much less mature than IT and OT network anomaly detection with minimal applicable cyber […]
Category: General Topic
Military Operations Research Society (MORS) webinar – Issues with Identifying Control System Cyber Incidents
On July 17 at 9am Pacific, Joe Weiss will be presenting on “Issues with Identifying Control System Cyber Incidents”. There have been more than 17 million control system cyber incidents that have killed more than 32,000. Impacts have ranged from equipment shutdowns to region-wide power outages to catastrophic damage and deaths. These incidents (malicious and […]
URL Shortened Websites
A URL shortener (or “link shortener”) is an application that condenses web addresses, redirecting the shorter URL to the original web address URL. There are plenty of URL shorteners available (both free and paid), such as Bitly, along with blogging media (such as X (formerly Twitter)) and WordPress, as they often include automatic URL shortening […]
Identifying control system cyber incidents requires expertise not readily available and government reporting changes
Identifying control system incidents as being cyber-related is difficult. It is complicated when government and industry organizations rush to judgment by stating that incidents weren’t cyberattacks without knowing the actual cause or setting reporting thresholds that exclude many actual control system cyber incidents. Consequently, it is difficult to identify trends when so many real cases […]
Training for identifying control system incidents as being cyber-related
Each time I provide numbers of control system cyber incidents, I get feedback from OT cyber security experts and others “demanding” detailed information. The most recent case was my comment that there have been more than 150 control system cyber incidents in water/wastewater. Because of the lack of industry being able to identify control system […]
The 2024 RSA Cyber Security Conference – what wasn’t addressed can hurt you
Critical infrastructure cyber security took a prominent position at the RSA Cyber Security Conference with the issuance of NSM22. NSM22 states: “It is diverse and complex, and includes distributed networks, varied organizational structures, operating models, interdependent systems, and governance constructs.” There was no mention of hardware. Yet the critical infrastructure is dependent on hardware – […]
The origin of “The original ICS/SCADA system cybersecurity conference”
I started the ICS Cyber Security Conference in 2002 as there were no control system cyber security conferences for the control system engineers. The Conference continued until 2014 at which time I was unable to continue the Conference due to other extensive work commitments. In 2015 SecurityWeek bought the Conference and the ICS Cyber Security […]
Could the Dali container ship incident have been a control system cyberattack – YES!
The impacts of control system incidents are obvious, but their causes are usually less clear, especially when they might be cyber-related. However, control system cyber incidents have impacted the behavior and operation of ships as well as other critical infrastructures. GPS hacks have altered ships’ positions and displays. Some Chinese critical infrastructure such as port […]
Water Utility Cybersecurity, EPA & CISA, and You
Before I begin, allow me to cite what we’re talking about: https://www.epa.gov/system/files/documents/2024-03/epa-apnsa-letter-to-governors_03182024.pdf The Environmental Protection Agency (EPA), and Cybersecurity and Infrastructure Security Agency (CISA), under direction from the Biden Administration, are pushing FUD (Fear, Uncertainty, and Doubt) to encourage cybersecurity with most water utilities. Yes, water utilities do need to improve their cybersecurity stance. However, […]
Exploiting remote access – the ultimate living off the land attack
Remote access to control systems is necessary for equipment reliability and availability. Securing remote access is a very tough problem because it is a double-edged sword providing needed reliability improvement and a potential vehicle for Living-off-the-Land attacks. Cyber security technologies exist to secure remote access from external intruders. However, cyber security programs are not adequately […]