Happy New Year everyone. As 2023 came to an end several “top 10” year-end cybersecurity lists were published by various organizations. One of them was by ESET a security company based in Slovakia that has provided much useful analysis and news about cybersecurity in the past. Its website claims it has “experienced researchers with in-depth […]
Why is CISA not addressing the PLCs in the Unitronics PLC attack?
The Unitronics PLC hack is an Iranian IRGC supply chain attack against multiple US critical infrastructures on US soil (it has also affected international users) targeting the Israeli-made Unitronics PLCs through its customers. The CISA response has been less than satisfactory as this was an attack against the PLCs whereas CISA’s recommendations only addressed IT […]
Iran hacks US water system: Observation and implications of a terrorist attack on US soil
November 25, 2023, the Municipal Water Authority of Aliquippa, PA had one of its booster stations hacked by an Iranian-backed cyber group – CyberAv3ngers. The booster station monitors and regulates pressure for customers within the City of Aliquippa and portions of two neighboring Townships. An alarm went off as soon as the hack had occurred […]
Cyber-related rail incidents have killed more than 490
Most rail cyber incidents have been IT cyberattacks. Existing government and industry cyber security guidelines have focused on these IT issues. The government and industry cyber security guidelines have often failed to address the control system cyber issues that have resulted in catastrophic control system cyber rail incidents. There have been more than fifty control […]
Forecasting where a hacker will go once inside an OT network
Work is ongoing in identifying cyber threats, and vulnerabilities, and locating hacker penetration in electric utility and other OT networks. However, existing technologies including IDS, IPS, SIEM, and SOAR can’t predict the future movement of a cyber intrusion that has successfully breached the OT network. Under US Air Force and DOE contracts, GCAS and its […]
Is A.I. the ultimate solution for protecting critical infrastructure from sophisticated cyber-attacks?
Kirk: “Machine over man, Spock, it was impressive, it might even be practical”; Spock: “But not desirable, computers make excellent and efficient servants, but I have no wish to serve under them,” -From Star Trek TOS episode “The Ultimate Computer”. One of the episodes from the 1960’s TV series Star Trek was called “The Ultimate […]
ISA MLM-38A “Identifying Control System Cyber Incidents” has been issued
[UPDATED 21-Oct-2023] ISA99 has approved the peer-reviewed Micro Learning Module (MLM) 38A – “Identifying Control System Cyber Incidents”. Those wishing to see the MLM should send their request to ISA99Chair@gmail.com. It is not possible to have an effective OT/ICS cyber security program if you can’t identify control system incidents as being cyber-related. Yet, OT cyber security is […]
Recent control system cyber cases can impact safe facility operation
IP network hacks and ransomware may not be able to be stopped. That includes cyberattacks against control system vendors who offer “cyber secure systems” and cyber security services. Control system vendors provide systems globally including to China, and some also have design and manufacturing facilities in China. The Johnson Controls and Bently-Nevada cases are not […]
CS2AI podcast on control system cyber security
I did a podcast for CS2AI on control system cyber security. The podcast was to educate people that control systems are composed of process sensors, actuators, drives, controllers, HMIs, networks, and network devices because OT cyber security practitioners have limited the discussion to HMIs, OT networks, and OT network devices. The podcast also discussed the […]
The European Union moves to regulate its digital economy by proposing cybersecurity requirements – is the CRA a bridge too far?
“In other words, there is no resilience in this particular material when it is at a temperature of 32 degrees. I believe that has some significance for our problem.” – Professor Richard Feynman commenting during the 1986 Challenger Commission hearings. The Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on horizontal […]