Category: Unfettered

The US food supply is neither cybersecure nor safe from control system cyber threats

Critical Infrastructure, Food/Agriculture, Unfettered 14-March-202114-March-2021 Joe Weiss

The US FDA is supposed to assure the US food supply is safe from adulteration. However, the FDA Food Safety Management Act (FSMA) requirements ignore cyber threats. There have been more than 20 control system cyber incidents in food and beverage facilities including some where people were harmed and others that shut down facilities. Similar […]

Observations from 2021 SANS ICS Cyber Security Conference

Critical Infrastructure, Dams, Electric, General Topic, Policy, Transportation, Unfettered, Water/Wastewater 8-March-20218-March-2021 Joe Weiss

The 2021 SANS ICS Cyber Security Conference was held March 4-5, 2021 with almost 9,000 registrants globally. The Conference thoroughly addressed OT networking issues. However, cyber security issues associated with Level 0,1 devices were not as adequately understood and addressed. There was also almost no discussion of the hardware backdoors in the Chinese-made transformers. My […]

Texas power outages demonstrate grid cyber vulnerability and inadequacy of existing regulations

Critical Infrastructure, Electric, General Topic, Policy, Unfettered 1-March-20211-March-2021 Joe Weiss

Recent Texas power outages and the loss of both electricity and water across Texas demonstrate how vulnerable ERCOT and Texas are to not only natural disasters such as snowstorms and hurricanes but also manmade and malicious activities. More than that, it also demonstrates the vulnerability of the entire U.S. Energy grid. The good news is […]

Don’t overlook the most consequential control system cyber events of 2020

Electric, Policy, Unfettered 21-January-202121-January-2021 Joe Weiss

URL: https://www.controlglobal.com/blogs/unfettered/dont-overlook-the-most-consequential-control-system-cyber-events-of-2020/ Two of the most consequential control system cyber events (attacks) in 2020 were supply chain attacks. The first event was the Chinese installing hardware backdoors in large electric transformers, an incident that prompted Presidential Executive Order (EO) 13920. The hardware backdoors are obvious control system threats. The second event was the Russian SolarWinds […]

The SolarWinds hack can directly affect control systems

General Topic, Unfettered 22-December-202022-December-2020 Joe Weiss

A highly sophisticated Russian Intelligence group has compromised the SolarWinds Orion platform which has an estimated 18,000 customers and an unknown but vast number of sites. The SolarWinds advisories and webinars have focused on the IT networks, network visibility, and data exfiltration/compromise. However, SolarWinds is also used to directly monitor and CONTROL SNMP devices including […]

Lack of IoT HVAC control system cyber security and potential real-world impacts

General Topic, Unfettered 22-December-202022-December-2020 Joe Weiss

A new IoT valve/actuator from a major HVAC equipment supplier has not only no device security. A further look at the supplier’s catalog shows additional products that communicate using common building insecure communication protocols such as BACnet and Modbus. The ability to remotely control these valves/actuators allows for unauthorized control of a building’s environmental control […]

The Chinese hardware backdoors can cause transformer failures through the load tap changers

Critical Infrastructure, Electric, General Topic, Unfettered 17-November-202017-November-2020 Joe Weiss

As I was reviewing my blogs for a paper I was preparing, I found a nuclear power plant incident involving a station auxiliary transformer load tap changer (LTC) failure. Substation transformers have been acknowledged as the Achilles heel of the electric industry. As a result, the 2015 FAST (Fixing America’s Surface Transportation) Act contained a […]