I recently watched a webinar on industrial control system security[1] and asked a question during the Q and A. My question was “Could you also have an engineer’s SOC rather than an IT/OT SOC?” My motive for asking this question was based on my understanding that the traditional enterprise SOC is IT oriented (office LAN/WAN, […]
The Forgotten Aspects of ICS Security
I was lamenting the state of Industrial Control System Security recently with some friends. Things are very lopsided right now. In the beginning days of ICS Security concerns, there were a few hackers who had no idea what they were getting into and a few very scared engineers who were uncertain about what these […]
Followup: INCOSE Critical Infrastructure Protection and Recovery (CIPR) Conference Call
On Thursday, April 9th, 2020, I gave a presentation to the INCOSE Critical Infrastructure Protection and Recovery (CIPR) working group's monthly call. With the large attendance, it was evident there was an interest in learning about the critical, but generally not addressed, issues of the engineering aspects of control system cyber security. There was also a common thread […]
Diagramming ICS Security
In a blog post, Sarah Fluchs made a very important point: We have diagrams and abstractions for virtually everything in an industrial control system. But for some reason, we don’t do this for industrial control system network security. I think she has pointed her finger on the pulse of the problem with industrial control […]
INCOSE Control System Cyber Security Presentation
UPDATE 9-Apr: The April 9th INCOSE presentation now requires a Zoom password. Please send an e-mail to joe.weiss@realtimeacs.com to get the password. This coming Thursday, April 9th at 3PM Eastern / 12PM Pacific, is the April 2020 international call for the International Council on Systems Engineering (INCOSE)’s Critical Infrastructure Protection and Recovery (CIPR) Working Group’s Smart City […]
Do Not Write Directly to Outputs or Timers in a PLC
Another point I made in the S4x20 Presentation had to do with input validation in a PLC. If you have paired inputs, such as START and STOP, FORWARD and REVERSE, OPEN and CLOSE, etc… you should ensure that both inputs or both outputs are not asserted together. It is an important validation step to ensure […]
Handling Indirection Safely on a PLC
I’ve seen my share of indirection errors on a PLC. I developed the method I describe here because I was sick of seeing people scratching their heads, wondering where the weirdness came from. There are many reasons to use indirection, or the value of a register in another register. There may be a need for […]
Integrity Features of a Programmable Logic Controller
Introduction: This blog post is an outgrowth of a topic I quickly waved my hand about at S4x20. Glenn Merrill reminded me that I hadn’t really followed up on it. It deals with the built-in self-integrity and diagnostics features found in most Programmable Logic Controller (PLC) gear. First and foremost, the PLC vendors […]
Coming on April 1st
Joe Weiss’ UNFETTERED blog is coming to the //SCADAS.EC website starting on April 1st.
Perhaps one step backward in building CIP capacity?
“The definition of insanity is doing the same thing over and over again and expecting a different result” – Attributed to A. Einstein. A recent post titled “Regarding (AA20-049A) Ransomware Impacting Pipeline Operations” on SCADASEC pointed out the FUD-promoting aspects of an alert published by the Cybersecurity and Infrastructure Security Agency (CISA) at […]