[Updated 2033 hrs Central: I’ve made a few tweaks to the definition.] I’ve thought of ingenious ways of creating words that are both funny and meaningful. Reason for this way of thinking is the ever-growing number of cyber threats, attacks and vulnerabilities, and how little we (as a society in general) are doing anything about […]
Category: General Topic
Targeting Control and Safety Instrumented Systems (SIS): new escalation of cyber threats to critical [energy] infrastructure
“It is no use saying, ‘We are doing our best.’ You have got to succeed in doing what is necessary.” – Winston Churchill Introduction Industrial Control and Safety systems play an important part in insuring that the physical processes taking place in a manufacturing plant, power generation facility or other segment of critical infrastructure do […]
Computer Science programs may fall short in contributing to critical infrastructure protection
“There’s a great future in plastics. Think about it. Will you think about it?” – Advice given to a young man in the 1967 Film, “The Graduate” (1) In the 1967 film, “The Graduate” an older man gives insider advice to a young person struggling to decide on a future career. I was in […]
Remember why ICS happened in the first place
I’ve seen people in a project who have spared very little to defend the industrial control system. They mean well. But sadly, they’re overlooking the basic economics that drove Industrial Control Systems (ICS) in to being. Engineers designed the first control systems so that the process could be managed more easily, with fewer staff, and […]
What was that Purdue Model stuff, anyway?
The Purdue Enterprise Reference Architecture (commonly known as the Purdue Model) for control systems is old. People have forgotten what it originally was about. When it was first introduced, the big concern behind the Purdue Model was keeping computing and networks deterministic so that they wouldn’t fault. Toward that end, it introduced network segmentation as […]
Looking at the educational value of a famous cyber incident
In a recent discussion on SCADASEC one contributor spoke of the educational value of Stuxnet. Yes there are several lessons that can learned from an incident that was first made public in 2010. It has been well documented from a technical point of view but perhaps some lessons can be still learned from an international […]
Complex control systems used by ships at sea are subject to the same kinds of accidents and challenges.
“This is where you talk about fleets coming to a stop. Our ships are floating SCADA systems” – Capt. Mark Hagerott (ret.), Deputy director of cybersecurity for the U.S.N. Academy (1) Many years ago I had the good fortune to have two good friends who both owned wooden (African Mahogany) sailing boats. One was a […]
Is Society Too Trusting?
I wanted to share an interesting observation from this past weekend. Though this does not relate to SCADA/ICS, it does demonstrate just how trusting people are. This past Friday, I had tagged along with my wife as we went to Wal-Mart for our weekly shopping. Following the general shopping, she wanted to go and check […]
Policies and Protocols for a Breach
It is going to happen sooner or later. Someone raises the question: Have we been hacked? It seems like a simple question. However, before we can ever get to the “it must be a hack” phase, we need to eliminate all the other likely failure modes. Some of them can be very subtle and difficult […]
Security Breach Detection
When I see most OT staff discuss ICS security, they usually begin with some networking gewgaws and tweaks. This sort of stuff is interesting the first few times going through this exercise. However, it doesn’t take long to realize that network security alone is a multi-headed hydra of a problem. The more we try and […]