A certain well known vendor of PLC equipment has been earning some heat from me recently. I’m not mentioning names because frankly, all of these big name vendors are facing the same problems. The issue is that even if we didn’t find sufficient reason to patch programs in a PLC, we’re finding that we have […]
Category: General Topic
Physical Layer Concerns
One of the more troublesome aspects of a control system is detecting when the I/O is broken versus a security problem of some sort. This is one of the keys between knowing that you’re being hacked versus having some sort of hardware failure. With that in mind, these are some measures I have found to […]
Raising cybersecurity awareness during a seminar on the future of energy policy and economy is not an easy thing to do.
“Although you cross the Atlantic for years and have ice reported and never see it, at other times it’s not reported and you do see it.” – Charles Lightoller, Titanic Second Officer (speaking at the public inquiry into the sinking) In one of my recent lectures on “The cybersecurity dimension of critical energy infrastructure” I […]
Thoughts on possible misconceptions over the cybersecurity of the energy sector
“The pump don’t work, cause the vandals took the handles” – Bob Dylan The use of high technology (information technology and telecommunications) has entered almost every aspect of our lives. You name a sector and it is there: finance, trade, energy, communications, transportation, even education and healthcare. High tech is what modern society is built […]
Proposing innovative solutions to a problem which will require even more solutions is not a good way to go
– After the ship has sunk, everyone knows how she might have been saved. – Italian proverb In an earlier blog I wrote about the importance of answering the key questions in developing a strategy to secure a critical asset (1). I could see the consequences of not taking the time to fully comprehend these […]
Knowing about the tip of the iceberg is not good enough
A high official of the International Atomic Energy Agency (IAEA) is reported recently to have announced that a disrupting cyber incident took place at a nuclear power plant around two-three years ago. (1) He was quoted further saying “This issue of cyber-attacks on nuclear-related facilities or activities should be taken very seriously. We never know […]
Never has been a better time to practice one’s critical infrastructure attack skills
Last year was an interesting year for critical infrastructure protection. It began with the German Government’s Federal IT Department (BSI) issuing its yearly cyber incident report covering cyber incidents from the previous year. Noteworthy was the mention of a cyber-attack on the control systems of a steel mill that resulted in physical damage to the […]
SCADA Radio follies
I maintain several SCADA masters with licensed MAS radios. The older radios had served us long and well. However, we’re starting to see failures on the back side of the classic bathtub curve. Two days ago, we installed a new radio at one of our smaller master sites. This was our first swap-out of a […]
Denial of Service
Most in this business know who Brian Krebs is. He is well known for looking in the dark corners of the Internet for all sorts of obnoxious evil and documenting it. In the last day or two, he encountered what appear to be record levels of traffic aimed against his web site. His host, Akamai, […]
Will the next “revolution” in information and communications technologies follow the same fate of failed political ones?
Political revolutions have a tendency to backfire. The high ideals of “liberty, fraternity and equality” behind the 1789 French Revolution ended with the guillotine. In the Russian Revolution of 1917 the promises of “peace, bread, and land” led to the Gulag. Even technological revolutions of the past had have downsides to them. One possible cause […]