A highly sophisticated Russian Intelligence group has compromised the SolarWinds Orion platform which has an estimated 18,000 customers and an unknown but vast number of sites. The SolarWinds advisories and webinars have focused on the IT networks, network visibility, and data exfiltration/compromise. However, SolarWinds is also used to directly monitor and CONTROL SNMP devices including […]
Category: Unfettered
Lack of IoT HVAC control system cyber security and potential real-world impacts
A new IoT valve/actuator from a major HVAC equipment supplier has not only no device security. A further look at the supplier’s catalog shows additional products that communicate using common building insecure communication protocols such as BACnet and Modbus. The ability to remotely control these valves/actuators allows for unauthorized control of a building’s environmental control […]
The Chinese hardware backdoors can cause transformer failures through the load tap changers
As I was reviewing my blogs for a paper I was preparing, I found a nuclear power plant incident involving a station auxiliary transformer load tap changer (LTC) failure. Substation transformers have been acknowledged as the Achilles heel of the electric industry. As a result, the 2015 FAST (Fixing America’s Surface Transportation) Act contained a […]
Another view of supply chain risks – third suppliers
Several years ago I was doing a control system cyber risk assessment for a regional transit agency. The most significant safety issue was the Liquified Natural Gas (LNG) transit bus refueling facility. The LNG facility was on the transit agency property and was for use for the LNG-powered transit buses and other LNG-powered agency vehicles. […]
A critical look at the CSIS Report “Dismissing Cyber Catastrophe”
Jim Lewis is a Sr VP at the Center for Strategic and International Studies (CSIS). He wrote the article “Dismissing Cyber Catastrophe” dated August 17, 2020 – https://www.csis.org/analysis/dismissing-cyber-catastrophe?utm_source=CSIS+All&utm_campaign=e4d5b3e04c-EMAIL_CAMPAIGN_2018_11_08_05_05_COPY_01&utm_medium=email&utm_term=0_f326fc46b6-e4d5b3e04c-221758737 . In ‘Dismissing Cyber Catastrophe,’ Jim argues that concerns about industrial cyber security are overblown and the risk is exaggerated. Because the view that ‘cyber catastrophes’ are […]
CISA Alert AA20-205A addressed OT networks but did not address control systems
IT and OT networks are under continuing attacks with varying degrees of impacts. When the DHS CISA Alert was issued specifically identifying control systems, I had two questions: why now and what happened that was unique to control systems? For control system cyber security what is most important are the physical impacts from the control […]
Followup: INCOSE Critical Infrastructure Protection and Recovery(CIPR) Conference Call
On Thursday, April 9th, 2020, I gave a presentation to INCOSE Critical Infrastructure Protection and Recovery(CIPR) working group monthly call. With the large attendance, it was evident there was an interesting learning about the critical, but generally not addressed, issues of the engineering aspects of control system cyber security. There was also a common thread […]
INCOSE Control System Cyber Security Presentation
UPDATE 9-Apr: The April 9th INCOSE presentation now requires a Zoom password. Please send an e-mail to joe.weiss@realtimeacs.com to get the password. This coming Thursday, Thursday April 9th at 3PM Eastern / 12PM Pacific, is the April 2020 international call for the International Council on Systems Engineering (INCOSE)’s Critical Infrastructure Protection and Recovery (CIPR) Working Group’s Smart City […]