Industrial Cybersecurity

Having a framework for a boat does not guarantee that it will float or sail well.

General Topic 25-August-2023 Vytautas Butrimas

The above is a drawing of the framework of the 17th Century Swedish warship “Vasa”. The design of the bottom was too shallow and caused the ship to tip over when it tried to sail out of port. Lately governments have been issuing cybersecurity policy documents that are shallow in their depth of understanding of […]

State of ICS Cybersecurity and Critical Infrastructure: Half empty, Half full, or Stay Focused on the Quest?

General Topic 21-March-2023 Vytautas Butrimas

A colleague recently expressed some dismay over the lack of progress in ICS cybersecurity in the past 20 years. He has a point, but I had to respond. Below is a copy of my response and hope it will be taken as something “for the good of the Order”. “Yeah I hear ya, but the […]

School of Industrial Cybersecurity: time to review the curriculum

Critical Infrastructure 9-December-2022 Vytautas Butrimas

It is hard sometimes for me to watch the discussions on critical infrastructure protection taking place these days. Especially when it comes to cybersecurity practices and policies. The conferences, announcements of new national cybersecurity strategies, pronouncements of industry opinion leaders on the media, government publications on best practices, guides, books and last of all vendor […]

Cybergs sighted: course correction required for critical infrastructure protection

Critical Infrastructure, Policy 20-January-2022 Vytautas Butrimas

“Engineer Scott, please report to the bridge immediately” Frequently heard in some 1960’s era TV shows Are we being encouraged to implement the right measures for protecting the technologies used to monitor and control physical processes found in critical infrastructure or have we hit a cyberg[1]? This is the question I asked myself when first […]

Sometimes giving a speech is better than issuing a memorandum

General Topic 30-July-2021 Vytautas Butrimas

“I believe that this nation should commit itself to achieving the goal, before this decade is out, of landing a man on the moon and returning him safely to the earth. No single space project in this period will be more impressive to mankind, or more important for the long-range exploration of space; and none […]

Lack of security at Level 0/1: problem of awareness or unwillingness to change priorities?

Critical Infrastructure, Policy 18-March-2021 Vytautas Butrimas

To be honest I was planning to write about unintentional cyber incidents in critical infrastructure and the need to pull away some of our attention from the sexy topic of cyber-attacks and cyber kill-chains. I changed my mind when I read Dale Peterson’s informative article on “Awareness Of Purdue Level 0 and 1 (In)Security” and […]