ISA MLM-38A “Identifying Control System Cyber Incidents” has been issued

[UPDATED 21-Oct-2023] ISA99 has approved the peer-reviewed Micro Learning Module (MLM) 38A – “Identifying Control System Cyber Incidents”. Those wishing to see the MLM should send their request to ISA99Chair@gmail.com. It is not possible to have an effective OT/ICS cyber security program if you can’t identify control system incidents as being cyber-related. Yet, OT cyber security is […]

Recent control system cyber cases can impact safe facility operation

IP network hacks and ransomware may not be able to be stopped. That includes cyberattacks against control system vendors who offer “cyber secure systems” and cyber security services. Control system vendors provide systems globally including to China, and some also have design and manufacturing facilities in China. The Johnson Controls and Bently-Nevada cases are not […]

CS2AI podcast on control system cyber security

I did a podcast for CS2AI on control system cyber security. The podcast was to educate people that control systems are composed of process sensors, actuators, drives, controllers, HMIs, networks, and network devices because OT cyber security practitioners have limited the discussion to HMIs, OT networks, and OT network devices. The podcast also discussed the […]

Is the U.S. Government’s Cyber Informed Engineering Implementation Guide the long-awaited breakthrough in CIP?

USCG Icebreaker opening path through the ice* This past year has been disappointing for governments and institutions issuing documents on critical infrastructure protection.  The European Union has issued a draft of the Cyber Resilience Act[1] and NIS2 Directive[2].   Across the Atlantic the U.S. has after a series of high-profile cyber incidents on its infrastructure (Colonial […]

A Tale of Two Cities water attacks – Oldsmar and Discovery Bay

There have been more than 130 control system cyber incidents in water/wastewater utilities. Like Oldsmar and Discovery Bay, most of these incidents have occurred in small water utilities. Many of these incidents were not publicly disclosed, nor were the utilities required to disclose these incidents. When the Oldsmar water “hack” was publicized, a water system […]

Differences between IT and control system cyber incidents in maritime

Researchers at NHL Stenden University of Applied Sciences in the Netherlands have launched the Maritime Cyber Attack Database (MCAD). MCAD includes information on over 160 cyber incidents in the maritime industry. When compared to my database of control system cyber incidents, the MCAD database was missing the cases where control system cyber-related incidents caused physical […]

“Chattinn Cyber” with Marsh’s Marc Schein on critical infrastructure cyber security

Marc Schein is the Northeast Cyber Champion for Marsh & McLennan (insurance). Marc has spoken before members of Congress and leaders in the Aviation Industry on Capitol Hill regarding the issues and costs of cyber breaches, and how to properly transfer risk to ensure that an organization or business is properly protected from what might […]