Category: Unfettered

The need to identify control system incidents as being cyber-related

Critical Infrastructure, General Topic, Policy, Unfettered 18-December-202418-December-2024 Joe Weiss

Control system cyber incidents are different from network cyber incidents because you can’t hide their impact: plane, trains, and ships crash, pipeline rupture, power and water are lost, etc. What is not identified is that many of these incidents have been cyber-related, and this failure to recognize them is because of a lack of appropriate […]

Ford recall on a control system cyber issue

Critical Infrastructure, General Topic, Policy, Unfettered 22-November-202422-November-2024 Joe Weiss

These, and other types of “subtle” control system cyber issues that do not involve Internet Protocol networks demonstrate that identifying control system incidents as being cyber-related often is not obvious. NHTSA recalled 144,500 Ford Mavericks over concerns that the rearview camera display could show frozen images while backing up. November 14, 2024, NHTSA announced that […]

Network security and engineering are still not on the same page, not even the same book

Critical Infrastructure, General Topic, Policy, Unfettered 29-October-202429-October-2024 Joe Weiss

There is a continuing culture chasm between cybersecurity managed by the CISO and engineering and operations personnel responsible for OT. Part of the gap stems from many CISOs’ and their teams lack of experience and understanding of control /protection systems and devices and engineering and operations requirements and work processes. Engineering and Operations have a […]

OT/control system cyber security has changed and not for the better

Critical Infrastructure, General Topic, Policy, Unfettered 10-October-202410-October-2024 Joe Weiss

There has been significant progress in securing IT and OT networks. However, one would expect that after 23 years, the “OT” security community would be further along in securing critical infrastructures from control system and other kinetic cyber incidents. Unfortunately, the engineers needed to safely secure control systems are generally not involved while the network […]

Sam Houston State University paper – “Who’s in charge of OT security”

Critical Infrastructure, Electric, Internet of Things, Policy, Unfettered 28-September-202428-September-2024 Joe Weiss

The Institute for Homeland Security at Sam Houston State University published my paper –Whos_in_Charge_of_OT_Security.pdf (ihsonline.org). CISOs have traditionally been responsible for cyber security of enterprise IT networks excluding the control system (operational) assets which were under the purview of the engineering organizations. After the 2006 Gartner Research paper that coined the term “OT”, the CISOs […]

Government and industry are indifferent or unaware of critical infrastructure kinetic cyber incidents

Critical Infrastructure, General Topic, Policy, Unfettered 24-September-202424-September-2024 Joe Weiss

Pagers and walkie-talkies are still used by US critical infrastructures such as power, water, and oil/gas. It appears the compromise of the Hezbollah pagers, walkie-talkies, and solar systems were supply chain attacks, somewhat akin to the Farewell Dosier attack on Gazprom in 1982. The Hezbollah pagers and walkie-talkies needed to be remotely actuated, making them […]

Government and industry organizations’ gaps in understanding control system cybersecurity

Critical Infrastructure, General Topic, Policy, Unfettered 5-September-20245-September-2024 Joe Weiss

Cybersecurity programs assume organizations can recognize control system incidents as being cyber-related. Yet the lack of control system cyber expertise by government organizations including NTSB, FDA, FBI, TSA, EPA, CISA, and DOE have not identified control system incidents as being cyber-related. The five cases discussed were fatal catastrophes. In all cases, NTSB identified control systems […]

Critical infrastructure cyber security incident reporting is not working

Critical Infrastructure, General Topic, Policy, Unfettered 24-August-202424-August-2024 Joe Weiss

Viable cyber security programs require organizations to recognize incidents as being cyber-related. That is generally straightforward for IT and OT network-based cyber incidents. However, the same can’t be said for control system cyber incidents in any sector. People in cybersecurity are comfortable with saying that insider threats (to data and IT systems) can be either […]

CrowdStrike, SolarWinds, and Stuxnet demonstrated the cyber fragility of IT and OT systems

Critical Infrastructure, General Topic, Policy, Unfettered 30-July-202431-July-2024 Joe Weiss

Fifteen years ago, Stuxnet demonstrated that getting to the Engineers’ Workstations can cause devastating damage. Three years ago, SolarWinds showed that malware could be inserted into the update cycle. Two weeks ago, CrowdStrike demonstrated that Engineers’ Workstations are still cyber vulnerable to automatic updates that are fully trusted. It was evident that OT (and IT) […]

Issues with Identifying Control System Cyber Incidents – MORS presentation

General Topic, Policy, Unfettered 19-July-202419-July-2024 icadmin

July 17, 2024, I gave a presentation to the Military Operations Research Society (MORS) on “Issues with Identifying Control System Cyber Incidents.” Government and industry organizations tend to under-report, and under-share control system cyber incidents. Identifying control system cyber incidents is much less mature than IT and OT network anomaly detection with minimal applicable cyber […]