I did a podcast with Erin Hallstrom of Putman’s Food Processing on the global threat to food safety. The podcast was issued June 25, 2021 – Food For Thought: How Hackers Are Using Your Control Systems to Launch Cyberattacks
Category: General Topic
Time to start thinking of your operations as a target
“Whenever you do a thing, act as if all the world were watching”[1] – Thomas Jefferson Jake Brodsky shared an article about another water utility incident and went on to write a blog about it ( https://scadamag.infracritical.com/index.php/2021/06/17/yet-another-water-plant-at-risk/ ). Both of these got me thinking. Assuming there is a desire for achieving excellence is there something […]
Yet Another Water Plant at Risk?
It’s Thursday, June 17th and yet another water utility got hacked using Teamviewer and an account that should have been removed. Ladies and Gentlemen of the water utility business: Please get more serious about how you manage remote access. If you don’t absolutely need it, don’t use remote access software. If you have people on […]
PLC TOP20 Programming Tips
Among the tribes of engineers, there are certain things we just have to learn by doing. One of them is PLC programming. Somehow, we engineers are expected to emerge from college knowing good practices for programming a PLC. Some of us older engineers learned to program using FORTRAN. If we were lucky, we learned about […]
June 8th and 9th virtual keynotes to cyber security conferences – gaps between networking and engineering
June 8th, I will be giving a keynote at the Cyber Observatory IOT and ICS conference (https://www.cyberinnovationsummits.com/industrial-cybersecurity-iiot-event/). I also will be participating in an executive roundtable on supply chain. Also on June 8th, I will be on a panel session June 8th and giving a keynote June 9th at the 2021 New York State Cyber […]
Process sensor issues continue to be ignored and are placing the country at extreme risk
A recent NERC Lessons Learned event discussed where a combined cycle power plant in Florida suffered significant load oscillations because a sensor provided erroneous input to the steam turbine controller. The controller reacted by cycling the turbine resulting in 200MW load swings (see Max 737 plane crashes). These oscillations caused a 0.25Hz impact on the […]
Policy makers these days give peculiar names to what they are protecting.
“Abbott: Strange as it may seem, they give ball players nowadays very peculiar names”Costello: Funny Names?Abbott: On the St. Louis team we have “Who’s on first, What’s on second, I Don’t Know’s on thirdCostello: That’s what I want to find out. I want you to tell me the names of the fellows on the St. […]
“Air-Gapping” IT and OT?
Following the Colonial Pipeline Ransomware incident, Twitter exploded in to an orgy of blather from people demanding that we “air-gap” ICS. Those righteous keyboard warriors know what is best, I’m sure. We cannot avoid having a secured connection with the office. But on the other hand, we don’t need ICS networks to be connected to […]
Are your buildings and cloud cyber secure?
Many data centers that support the cloud as well as commercial buildings have not adequately addressed control system cyber security. The lack of adequately addressing building control system cyber security was demonstrated to have caused very significant financial and potentially safety impacts. When you consider these control system cyber threats can affect multiple buildings, the […]
Can We Trust Control Systems Networks?
Deputy National Security Advisor for Cyber and Emerging Technology, Anne Neuberger, was quoted by Adam Mazmanian in FCW on April 8, 2021 saying “We picked control systems because those are the systems that control water systems, power systems, chemical systems, across the U.S. And we’re seeking to have visibility on those networks to detect anomalous […]