Before I begin, allow me to cite what we’re talking about: https://www.epa.gov/system/files/documents/2024-03/epa-apnsa-letter-to-governors_03182024.pdf The Environmental Protection Agency (EPA) and the Cybersecurity and Infrastructure Security Agency (CISA), under direction from the Biden Administration, are pushing FUD (Fear, Uncertainty, and Doubt) to encourage cybersecurity at most water utilities. Yes, water utilities do need to improve their cybersecurity stance. However, […]
Category: General Topic
Exploiting remote access – the ultimate living off the land attack
Remote access to control systems is necessary for equipment reliability and availability. Securing remote access is a very tough problem because it is a double-edged sword: it provides a needed reliability improvement and a potential vehicle for Living-off-the-Land attacks. Cyber security technologies exist to secure remote access from external intruders. However, cyber security programs are not adequately […]
Learn to Say No
When I first joined the water utility I discovered that my division chief, we’ll call him Ed, constantly projected himself as a crusty authoritarian figure. Every time someone would approach him with some “new idea,” perhaps even something he’d like to do, his first answer was almost always a resounding “No.” And unless they were […]
Getting Into OT
With all the public emphasis on infrastructure, many are asking how to “break into” Operational Technology (OT). It isn’t hard. But there are a few caveats. This blog is my experience and perceptions. There are others, so don’t take what I say as the only reality. There is a widespread perception that field work in […]
IEEE Computer article on identifying control system cyber incidents
The article “There Is No Chilling When Your Control System Cybersecurity Is Unfulfilling” is in the December 2023 issue of IEEE Computer magazine. The article discusses the importance of identifying control system incidents as being cyber-related as the identification is the starting point for cyber incident response programs. The example in the article is the shutdown of […]
Whose list of top cybersecurity events of 2023 is worth using?
Happy New Year everyone. As 2023 came to an end, several “top 10” year-end cybersecurity lists were published by various organizations. One of them was by ESET, a security company based in Slovakia that has provided much useful analysis and news about cybersecurity in the past. Its website claims it has “experienced researchers with in-depth […]
Why is CISA not addressing the PLCs in the Unitronics PLC attack?
The Unitronics PLC hack is an Iranian IRGC supply chain attack against multiple US critical infrastructures on US soil (it has also affected international users), targeting the Israeli-made Unitronics PLCs through the vendor’s customers. The CISA response has been less than satisfactory, as this was an attack against the PLCs whereas CISA’s recommendations only addressed IT […]
Forecasting where a hacker will go once inside an OT network
Work is ongoing in identifying cyber threats and vulnerabilities, and in locating hacker penetration in electric utility and other OT networks. However, existing technologies including IDS, IPS, SIEM, and SOAR can’t predict the future movement of a cyber intrusion that has successfully breached the OT network. Under US Air Force and DOE contracts, GCAS and its […]
Is A.I. the ultimate solution for protecting critical infrastructure from sophisticated cyber-attacks?
Kirk: “Machine over man, Spock. It was impressive; it might even be practical.” Spock: “But not desirable. Computers make excellent and efficient servants, but I have no wish to serve under them.” – From the Star Trek TOS episode “The Ultimate Computer”. One of the episodes from the 1960s TV series Star Trek was called “The Ultimate […]
ISA MLM-38A “Identifying Control System Cyber Incidents” has been issued
[UPDATED 21-Oct-2023] ISA99 has approved the peer-reviewed Micro Learning Module (MLM) 38A – “Identifying Control System Cyber Incidents”. Those wishing to see the MLM should send their request to ISA99Chair@gmail.com. It is not possible to have an effective OT/ICS cyber security program if you can’t identify control system incidents as being cyber-related. Yet, OT cyber security is […]