Results from ThreatConnect webinar on mitigating risks in critical infrastructures and on-going actual risks

July 21, 2021, I participated in a live webinar discussion, hosted by ThreatConnect’s Dan Verton, on mitigating risk in critical infrastructures with Bob Kolasky from DHS CISA and Tim Grieveson from Aveva. The webinar link can be found at ThreatConnect Podcast Ep. 21: Mitigating Cyber Risk in Critical Infrastructures  I met Dan in 2001 when […]

Sensor monitoring technology can make critical infrastructures less attractive targets for ransomware

Ransomware and other IT-originated cyberattacks can affect control systems when IT networks are connected to OT networks or insecure IOT devices are connected to OT networks. Off-line sensor monitoring technology doesn’t stop a ransomware attack, rather the technology is oblivious to the ransomware or IT attack. The off-line process sensor monitoring can provide real time […]

It may not be possible to recognize a “Cyber Pearl Harbor” as a cyber event

Ransomware attacks will continue to occur as they are so profitable. Unlike control system cyberattacks, network cyberattacks are short-lived as they do not damage critical hardware which is why network cyberattacks are not a “Cyber Pearl Harbor”.  Yet that is the government and industry’s focus. For control systems, it is the opposite. When a control […]

Time to start thinking of your operations as a target

“Whenever you do a thing, act as if all the world were watching”[1] – Thomas Jefferson Jake Brodsky shared an article about another water utility incident and went on to write a blog about it (  ).  Both of these got me thinking.  Assuming there is a desire for achieving excellence is there something […]

Yet Another Water Plant at Risk?

It’s Thursday, June 17th and yet another water utility got hacked using Teamviewer and an account that should have been removed. Ladies and Gentlemen of the water utility business: Please get more serious about how you manage remote access. If you don’t absolutely need it, don’t use remote access software. If you have people on […]

PLC TOP20 Programming Tips

Among the tribes of engineers, there are certain things we just have to learn by doing. One of them is PLC programming. Somehow, we engineers are expected to emerge from college knowing good practices for programming a PLC. Some of us older engineers learned to program using FORTRAN. If we were lucky, we learned about […]

June 8th and 9th virtual keynotes to cyber security conferences – gaps between networking and engineering

June 8th, I will be giving a keynote at the Cyber Observatory IOT and ICS conference ( I also will be participating in an executive roundtable on supply chain. Also on June 8th, I will be on a panel session June 8th and giving a keynote June 9th at the 2021 New York State Cyber […]