CISA’s new International Strategic Plan: will it improve the security of the world’s C.I.?

Solar power system inverter error code that indicates that the voltage on the grid is too high. The security of power grids even if they have been attacked from cyberspace by hostile actors is not even mentioned in CISA’s plan to protect critical “Physical” infrastructure. (photo by the author) The US Cybersecurity and Infrastructure Security […]

Government and industry organizations’ gaps in understanding control system cybersecurity

Cybersecurity programs assume organizations can recognize control system incidents as being cyber-related. Yet the lack of control system cyber expertise by government organizations including NTSB, FDA, FBI, TSA, EPA, CISA, and DOE have not identified control system incidents as being cyber-related. The five cases discussed were fatal catastrophes. In all cases, NTSB identified control systems […]

The European Union moves to regulate its digital economy by proposing cybersecurity requirements – is the CRA a bridge too far?

“In other words, there is no resilience in this particular material when it is at a temperature of 32 degrees. I believe that has some significance for our problem.” – Professor Richard Feynman commenting during the 1986 Challenger Commission hearings. The Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on horizontal […]

School of Athens

School of Industrial Cybersecurity: time to review the curriculum

It is hard sometimes for me to watch the discussions on critical infrastructure protection taking place these days.  Especially when it comes to cybersecurity practices and policies.  The conferences, announcements of new national cybersecurity strategies, pronouncements of industry opinion leaders on the media, government publications on best practices, guides, books and last of all vendor […]