“Air-Gapping” IT and OT?

Following the Colonial Pipeline Ransomware incident, Twitter exploded in to an orgy of blather from people demanding that we “air-gap” ICS. Those righteous keyboard warriors know what is best, I’m sure. We cannot avoid having a secured connection with the office. But on the other hand, we don’t need ICS networks to be connected to […]

Are your buildings and cloud cyber secure?

Many data centers that support the cloud as well as commercial buildings have not adequately addressed control system cyber security. The lack of adequately addressing building control system cyber security was demonstrated to have caused very significant financial and potentially safety impacts. When you consider these control system cyber threats can affect multiple buildings, the […]

Can We Trust Control Systems Networks?

Deputy National Security Advisor for Cyber and Emerging Technology, Anne Neuberger, was quoted by Adam Mazmanian in FCW on April 8, 2021 saying “We picked control systems because those are the systems that control water systems, power systems, chemical systems, across the U.S. And we’re seeking to have visibility on those networks to detect anomalous […]

Security Encabulation

For a number of years, work has been proceeding to perfect to the crudely conceived idea of a security augmentation system that would not only supply reverse DNS lookup for use in gratuitous ARP regeneration, but would also be capable of automatic stochastant intelligence. Such a computationless process is the security encabulator. Now basically the […]

Observations from 2021 SANS ICS Cyber Security Conference

The 2021 SANS ICS Cyber Security Conference was held March 4-5, 2021 with almost 9,000 registrants globally. The Conference thoroughly addressed OT networking issues. However, cyber security issues associated with Level 0,1 devices were not as adequately understood and addressed. There was also almost no discussion of the hardware backdoors in the Chinese-made transformers. My […]

Texas power outages demonstrate grid cyber vulnerability and inadequacy of existing regulations

Recent Texas power outages and the loss of both electricity and water across Texas demonstrate how vulnerable ERCOT and Texas are to not only natural disasters such as snowstorms and hurricanes but also manmade and malicious activities. More than that, it also demonstrates the vulnerability of the entire U.S. Energy grid. The good news is […]

CISA Hits a Home Run!

In their Water and Wastewater Systems Security Recommendations, CISA touched on a subject that I rarely ever see anywhere: Before working on security, it helps to make the automation and the process more resilient. Even more important, the automation should actively refuse certain toxic moves. Yes, CISA was recommending that all Automation be made safer. […]

SCADA Apologists?

I really wish things were as simple as Dale Peterson makes them out to be. I’m not an apologist for the security situation among industrial control systems. But if all we had to do is lift a pen and sign off a few dozen checks, the security issue would have been done and gone already. […]