What happened at the Taishan Unit 1 nuclear plant in China?

June 14, 2021, CNN reported that the Chinese Taishan Unit 1 EPR nuclear reactor experienced unusual operating conditions. Specifically, Framatome warned of an “imminent radiological threat”. The warning included an accusation that the Chinese safety authority was raising the safety limits for radiation detection limit to avoid having to shut it down. June 16, 2021, […]

PLC TOP20 Programming Tips

Among the tribes of engineers, there are certain things we just have to learn by doing. One of them is PLC programming. Somehow, we engineers are expected to emerge from college knowing good practices for programming a PLC. Some of us older engineers learned to program using FORTRAN. If we were lucky, we learned about […]

TAG Cyber Roundtable interview- “Enough About Data Breaches. Let’s Talk About OT Security”

David Hechler from Tag Cyber hosted a roundtable discussion with Mark Weatherford, who has held a variety of executive-level positions in the public and private sectors, and me on operational technology (OT). The discussions were published in the form of an edited transcript at TAG Cyber Law Journal https://www.cyberinsecuritynews.com/ot-videos. The discussion was called “Enough About […]

June 8th and 9th virtual keynotes to cyber security conferences – gaps between networking and engineering

June 8th, I will be giving a keynote at the Cyber Observatory IOT and ICS conference (https://www.cyberinnovationsummits.com/industrial-cybersecurity-iiot-event/). I also will be participating in an executive roundtable on supply chain. Also on June 8th, I will be on a panel session June 8th and giving a keynote June 9th at the 2021 New York State Cyber […]

Process sensor issues continue to be ignored and are placing the country at extreme risk

A recent NERC Lessons Learned event discussed where a combined cycle power plant in Florida suffered significant load oscillations because a sensor provided erroneous input to the steam turbine controller. The controller reacted by cycling the turbine resulting in 200MW load swings (see Max 737 plane crashes). These oscillations caused a 0.25Hz impact on the […]

TSA cyber security requirements are still not addressing control system-unique issues

The new TSA cyber security requirements developed based on the Colonial Pipeline event will require timely identification and notification of cyberattacks. There have been more than 50 control system cyber incidents in natural gas and liquid pipeline systems yet only the Colonial Pipeline incident has been identified as being a cyber incident (cyberattack). Detecting cyberattacks […]

Food Security magazine interview – Cyberattacks: What food processors won’t talk about

With the concerns being voiced about the need for critical infrastructure cyber security in electric, water (Oldsmar), and energy (Colonial Pipelines), I have seen little discussion about the food sector which has no cyber security requirements for the control systems used in the food manufacturing process (Food Safety Management Act). Consequently, March 14, 2021 I […]

“Air-Gapping” IT and OT?

Following the Colonial Pipeline Ransomware incident, Twitter exploded in to an orgy of blather from people demanding that we “air-gap” ICS. Those righteous keyboard warriors know what is best, I’m sure. We cannot avoid having a secured connection with the office. But on the other hand, we don’t need ICS networks to be connected to […]