“Almost to a person, the disaster planners concluded that the Abqaiq extralight crude complex was both the most vulnerable point of the Saudi oil system and its most spectacular target” – R. Baer, “Sleeping with the devil”. When a cyber incident is publically disclosed it is not a time to name and blame. It is […]
A common rant by many coming from the IT Security realm is that Industrial Control Systems integration is often poor and security is even worse. They’re quite right. What they probably don’t know is how it got that way. I have been hinting at this for some time and now I’m going unleash a rant […]
I knew Roy Ashlin from my earliest days at the Washington Suburban Sanitary Commission (WSSC). We were co-workers during the early days of the first SCADA system that WSSC installed. Roy wasn’t in the best of health. One of his legs had to be amputated just above the knee due to a blood clot. He […]
Introduction It dawned on me recently that that there is very little discussion on why an Industrial Control Systems (ICS) lab is needed or what it is used for. I am jotting down these notions in the hope that others can add to this discussion and help justify a lab to managers who may not […]
[Updated 2033 hrs Central: I’ve made a few tweaks to the definition.] I’ve thought of ingenious ways of creating words that are both funny and meaningful. Reason for this way of thinking is the ever-growing number of cyber threats, attacks and vulnerabilities, and how little we (as a society in general) are doing anything about […]
“It is no use saying, ‘We are doing our best.’ You have got to succeed in doing what is necessary.” – Winston Churchill Introduction Industrial Control and Safety systems play an important part in insuring that the physical processes taking place in a manufacturing plant, power generation facility or other segment of critical infrastructure do […]
“There’s a great future in plastics. Think about it. Will you think about it?” – Advice given to a young man in the 1967 Film, “The Graduate” (1) In the 1967 film, “The Graduate” an older man gives insider advice to a young person struggling to decide on a future career. I was in […]
I’ve seen people in a project who have spared very little to defend the industrial control system. They mean well. But sadly, they’re overlooking the basic economics that drove Industrial Control Systems (ICS) in to being. Engineers designed the first control systems so that the process could be managed more easily, with fewer staff, and […]
“Pay no attention to that man behind the curtain!” – From the film Wizard of Oz, 1939 Recently on the SCADASEC list there have been discussions of reports of cyber attacks on the critical infrastructures of other states with the naming of the state that is responsible. Some say attribution of responsibility is far less […]
The Purdue Enterprise Reference Architecture (commonly known as the Purdue Model) for control systems is old. People have forgotten what it originally was about. When it was first introduced, the big concern behind the Purdue Model was keeping computing and networks deterministic so that they wouldn’t fault. Toward that end, it introduced network segmentation as […]
