There have been almost 12 million control system cyber incidents globally across all sectors resulting in more than 1,500 deaths, and more than $90 Billion USD directly damage. Our article, “Control System Cyber Incidents Are Real—and Current Prevention and Mitigation Strategies Are Not Working”, has been published in the January issue of IEEE Computer magazine. […]
Category: General Topic
[UPDATE] IT v. OT v. ICS Paradigm Framework, Revision 3
Shown below is the most recent version of the IT v. OT v. ICS paradigm framework, along with examples of recent attacks (only) since (approximately) 2010. Please note that this updated paradigm framework is to provide a frame of reference insofar as to how IT and OT v. ICS complement, yet are uniquely different, from […]
Cross industry meeting to address the gap in process sensor cyber security and process safety
A virtual cross-industry meeting was held on January 5th, 2022 under the purview of IEEE, with universities and standards development and industry organizations representing a cross-section of critical infrastructures. Essentially, “a coalition of the willing”. As process sensors are used in all sectors, the intent of the meeting was to create outcomes and a way […]
There’s more to control system cybersecurity than IT and OT networks – TSA is missing that distinction
Control system cyber incidents affecting pipelines, rail, and aviation have caused catastrophic damage resulting in multi-billion-dollar impacts and hundreds of deaths. Detecting cyberattacks against IT and OT networks can be done today. However, the same cannot be said for detecting control system cyber incidents (attacks and unintentional incidents) that occur with the cyber insecure control […]
The gaps preventing cyber securing physical infrastructures
Physical infrastructures are monitored and controlled using instrumentation and control systems. Instrumentation monitors the processes and control systems control the physics. I have not used the term “critical infrastructure” as these issues apply to any physical infrastructure. Yet, instrumentation and the physics of the processes are often ignored as the focus of security experts is […]
Electric distribution reclosers can be cyber compromised to cause devastating wildfires
October 13, 2021, the San Jose Mercury News had the following headline: “High-wire act for PG&E: balancing safety, reliability”. PG&E is facing lawsuits and pleaded guilty to 84 counts of voluntary manslaughter in a 2018 blaze that nearly destroyed the town of Paradise. Consequently, PG&E is taking a zero-tolerance approach to “arcing,” which happens when […]
IIOT session on control system cyber security – Why hasn’t control system cyber security been solved yet?
October 6, 2021, 2-2:55pmEastern, I will be moderating a session on control system cyber security entitled “Why haven’t we solved control system cyber security yet?” The session was originally entitled “Protection for SCADA systems, plant control systems, PLCs, and other field control devices”. However, the title and session direction changed when it was recognized that […]
Formal response to FERC Complaint EL21-99-000 on Chinese equipment in the US grid
September 13, 2021, I submitted my response to the FERC Complaint EL21-99-000 on the use of Chinese-made equipment for critical equipment used in the US grid. The equipment identified can be used in many other critical infrastructures such as water/wastewater, pipelines, oil/gas, and manufacturing. – https://www.controlglobal.com/blogs/unfettered/formal-response-to-ferc-complaint-el21-99-000-on-chinese-equipment-in-the-us-grid
Who’s Who in Cybersecurity
I have recently been honored with being accepted into the Top Cyber News Magazine’s “Who’s Who in Cybersecurity”. If you have a LinkedIn account, please following this URL: https://www.linkedin.com/feed/hashtag/?keywords=topcybernews
Do the Chinese “own” our electric grids and other infrastructures?
The national focus on cyber security has been on data breaches including ransomware which is what precipitated the August 25, 2021, White House Cyber security meeting. For IT networks, the focus on data breaches is sufficient. However, the real concern for critical infrastructures is not data breach but equipment damage that can cause very extended […]