Recent Texas power outages and the loss of both electricity and water across Texas demonstrate how vulnerable ERCOT and Texas are to not only natural disasters such as snowstorms and hurricanes but also manmade and malicious activities. More than that, it also demonstrates the vulnerability of the entire U.S. Energy grid. The good news is […]
Why America would not survive a real first strike cyberattack today
Mike Rogers is a former member of Congress who served as chairman of the House Intelligence Committee. He is the David Abshire Chair at the Center for the Study of the Presidency and Congress and is a senior fellow with the Intelligence Project at the Belfer Center for Science and International Affairs at Harvard University. […]
We are not learning valuable lessons for protecting critical infrastructure.
“Being aware of what is happening in cyberspace and communicating it to policy makers is not an easy task” On February 5th an engineer working for a small water utility in Florida noticed the mouse pointer moving on his SCADA control screen (where have we seen this before?). He watched in surprise as unauthorized changes […]
CISA Hits a Home Run!
In their Water and Wastewater Systems Security Recommendations, CISA touched on a subject that I rarely ever see anywhere: Before working on security, it helps to make the automation and the process more resilient. Even more important, the automation should actively refuse certain toxic moves. Yes, CISA was recommending that all Automation be made safer. […]
SCADA Apologists?
I really wish things were as simple as Dale Peterson makes them out to be. I’m not an apologist for the security situation among industrial control systems. But if all we had to do is lift a pen and sign off a few dozen checks, the security issue would have been done and gone already. […]
SCADASEC blog website is now secure
Our web site before was not completely secured, and we used self-signing certificates as an interim measure to ensure that the site was secure. Since we are not conducting e-commerce of any kind, the need for über super-secret security wasn’t necessary. Our choice was to use a more cost-effective CA provider called ‘Comodo’. Widely used […]
Don’t overlook the most consequential control system cyber events of 2020
URL: https://www.controlglobal.com/blogs/unfettered/dont-overlook-the-most-consequential-control-system-cyber-events-of-2020/ Two of the most consequential control system cyber events (attacks) in 2020 were supply chain attacks. The first event was the Chinese installing hardware backdoors in large electric transformers, an incident that prompted Presidential Executive Order (EO) 13920. The hardware backdoors are obvious control system threats. The second event was the Russian SolarWinds […]
A new “14 Points” for the security of critical infrastructure in cyberspace
“All the peoples of the world are in effect partners in this interest, and for our own part we see very clearly that unless justice be done to others it will not be done to us.” – Woodrow Wilson, 1918 It was a 102 years ago that U.S. President Woodrow Wilson made his peace proposals […]
Unsettling trends in cyberspace: 2010-2020
“Nine for Mortal Men, doomed to die,One for the Dark Lord on his dark throneIn the Land of Mordor where the Shadows lie.One Ring to rule them all, One Ring to find them,One Ring to bring them all and in the darkness bind them.In the Land of Mordor where the Shadows lie.” – J.R.R. Tolkien, […]
OT v. ICS Survey
Out of 113 votes, the following percentages are broken in 4 components: OT and ICS are the same 8% OT and ICS are different 16% OT is a sub-component of ICS 9% ICS is a sub component of OT 67% This survey was conducted sometime mid-November, 2020