“Everybody talks, nobody listens. Good listeners are as rare as white crows” – Helen Keller Wired[1] cites a Dragos report[2] on a cyber-attack on ICS with affect on well-being of society. The attack was performed using the MODBUS protocol[3] and was able to manipulate ICS devices (ENCON PLC) to cause heating systems to fail in […]
Tag: Critical Infrastructure Protection CIP
Whose list of top cybersecurity events of 2023 is worth using?
Happy New Year everyone. As 2023 came to an end several “top 10” year-end cybersecurity lists were published by various organizations. One of them was by ESET a security company based in Slovakia that has provided much useful analysis and news about cybersecurity in the past. Its website claims it has “experienced researchers with in-depth […]
Is the U.S. Government’s Cyber Informed Engineering Implementation Guide the long-awaited breakthrough in CIP?
USCG Icebreaker opening path through the ice* This past year has been disappointing for governments and institutions issuing documents on critical infrastructure protection. The European Union has issued a draft of the Cyber Resilience Act[1] and NIS2 Directive[2]. Across the Atlantic the U.S. has after a series of high-profile cyber incidents on its infrastructure (Colonial […]
Having a framework for a boat does not guarantee that it will float or sail well.
The above is a drawing of the framework of the 17th Century Swedish warship “Vasa”. The design of the bottom was too shallow and caused the ship to tip over when it tried to sail out of port. Lately governments have been issuing cybersecurity policy documents that are shallow in their depth of understanding of […]
State of ICS Cybersecurity and Critical Infrastructure: Half empty, Half full, or Stay Focused on the Quest?
A colleague recently expressed some dismay over the lack of progress in ICS cybersecurity in the past 20 years. He has a point, but I had to respond. Below is a copy of my response and hope it will be taken as something “for the good of the Order”. “Yeah I hear ya, but the […]
Cybergs sighted: course correction required for critical infrastructure protection
“Engineer Scott, please report to the bridge immediately” Frequently heard in some 1960’s era TV shows Are we being encouraged to implement the right measures for protecting the technologies used to monitor and control physical processes found in critical infrastructure or have we hit a cyberg[1]? This is the question I asked myself when first […]