OT Security Detects a Problem: Now What?

Let’s fast forward in to the near future. The network configuration is well documented. The hashes of all code are known and recorded. Firewalls have been installed in appropriate places. The network traffic rates and patterns are known and monitored.  Physical LAN port statuses are monitored. In other words the control systems integrity is monitored […]

Succession Planning

After 31 years at the Washington Suburban Sanitary Commission (WSSC) I’m eligible to retire. I will be starting a new position at Jacobs Engineering next month. My kids are looking at colleges and frankly, I need the money. I would happily stay with WSSC if I could afford to, but I can’t. In case you […]

Fun with Fiber Optics

I was swapping out a router today. Our old ones have served us long and well, but the vendor is no longer supporting them as they used to. We also had some creatures that I wanted to get rid of. On the wall in the telecommunications shelter there were three cheap 100Base-FX to 100BaseT converters, […]

I/O commissioning and testing

I rant a lot about I/O testing and design. This is a discussion (and more ranting) of some of the tests and practices we do following construction and later during the maintenance cycle to ensure that the controls, and alarms will work as expected. Before I begin, one might wonder if embedded controllers or RTUs […]

SCADA as a Service in the Cloud

As I have pointed out earlier, infrastructure should not become reliant upon other infrastructure. The reason is to avoid common failure modes and to make restoral more straightforward and less inter-reliant. This is why I have been looking at the SCADA-as-a-Service (SaaS) and Cloud SCADA with great skepticism. Let’s start with some obvious questions. Are […]

The SCADA system of Everything?

One of my broad based philosophical warnings to anyone new to the SCADA business is that utility SCADA is Infrastructure. Infrastructure should depend on as few other infrastructural features as possible. The more interdependent they are, the more likely it will be that something in common will break communications for all dependencies and the work […]


People who build SCADA systems over local and wide area networks seem to have this notion that bandwidth and latency are not limiting factors, and security is a problem for someone else. Oh, if only that were true. The first thing everyone should do when working with a new RTU is to disable the services […]