A high official of the International Atomic Energy Agency (IAEA) is reported recently to have announced that a disrupting cyber incident took place at a nuclear power plant around two-three years ago. (1) He was quoted further saying “This issue of cyber-attacks on nuclear-related facilities or activities should be taken very seriously. We never know […]
Never has been a better time to practice one’s critical infrastructure attack skills
Last year was an interesting year for critical infrastructure protection. It began with the German Government’s Federal IT Department (BSI) issuing its yearly cyber incident report covering cyber incidents from the previous year. Noteworthy was the mention of a cyber-attack on the control systems of a steel mill that resulted in physical damage to the […]
SCADA Radio follies
I maintain several SCADA masters with licensed MAS radios. The older radios had served us long and well. However, we’re starting to see failures on the back side of the classic bathtub curve. Two days ago, we installed a new radio at one of our smaller master sites. This was our first swap-out of a […]
Denial of Service
Most in this business know who Brian Krebs is. He is well known for looking in the dark corners of the Internet for all sorts of obnoxious evil and documenting it. In the last day or two, he encountered what appear to be record levels of traffic aimed against his web site. His host, Akamai, […]
If control systems move back to analogue can we still keep our smart phones?
I have been following the discussion about the return to analogue. Both this and the Industry 4.0 movement are new to me and I have put them on my “study this more” list. Recently a colleague sent me a paper, “The Case for Simplicity in Energy Infrastructure” (1), which has captured my imagination. It very […]
Will the next “revolution” in information and communications technologies follow the same fate of failed political ones?
Political revolutions have a tendency to backfire. The high ideals of “liberty, fraternity and equality” behind the 1789 French Revolution ended with the guillotine. In the Russian Revolution of 1917 the promises of “peace, bread, and land” led to the Gulag. Even technological revolutions of the past have had downsides to them. One possible cause […]
Security Wrongs and Rights
I’m noticing a disturbing trend of late: Some end-users are actively trying to impose security from outside staff upon operations. In fact, some vendors are suggesting that this is a good thing to do. Sadly, imposing security on others is a doomed effort. They’re going to fail badly because they’re not thinking ahead of the […]
Meditations on Icelandic tomatoes and the challenge of raising cybersecurity awareness
Raising the awareness for a cybersecurity practitioner about the vulnerabilities of IT and Industrial Control Systems to today’s threats emanating from cyberspace can sometimes resemble the hopeless task of Sisyphus (1). The practitioner has the knowledge but it is not an easy thing to convey the concerns to higher management that may not be as technically […]
To prevail against the cat, the mouse must know the cat … and read some Sun Tzu
Last year I listened to a lecture on cybersecurity which included a prediction that we may be entering an age of “unhackable” equipment. The idea was that it will be possible to apply new encryption algorithms and improve the security aspects of hardware enough to make them immune to cyber-attacks (https://www.youtube.com/watch?v=kBXGRkan7rY, see at 4 min. […]
Seeking to Develop Exercises That Test Response Capabilities to Any Threat & Add Value
Conducting an exercise can be a very useful tool for testing policies, procedures and actions of institutions for dealing with a perceived threat scenario. It offers the advantage of providing an idea of what would really happen if the worst was to happen without doing any real damage. It can provide answers to questions without […]