DNI identifies Chinese transformers as cyber vulnerable risks yet DOE and industry ignore the threat

A DNI National Intelligence Estimate states: “Deployment of utility-scale solar and wind technologies in remote areas is likely to require ultra-high-voltage transmission lines to move the power to cities. China is the world’s leading supplier of advanced grid components for ultrahigh-voltage systems, such as transformers, circuit breakers, and inverters, which we assess creates cyber vulnerability […]

Comments to the US Secretary of Energy’s Advisory Board on lack of process sensor cyber security

October 28, 2021, I gave a presentation to the US Secretary of Energy’s Advisory Board (SEAB) on the need for process sensor monitoring. The SEAB meeting can be found at  https://www.energy.gov/seab/seab-meetings as well as my prepared presentation. My short presentation is at approximately the 1 Hour 20-minute timeframe. In the SEAB meeting, DOE was looking […]

Electric distribution reclosers can be cyber compromised to cause devastating wildfires

October 13, 2021, the San Jose Mercury News had the following headline: “High-wire act for PG&E: balancing safety, reliability”. PG&E is facing lawsuits and pleaded guilty to 84 counts of voluntary manslaughter in a 2018 blaze that nearly destroyed the town of Paradise. Consequently, PG&E is taking a zero-tolerance approach to “arcing,” which happens when […]

IIOT session on control system cyber security – Why hasn’t control system cyber security been solved yet?

October 6, 2021, 2-2:55pmEastern, I will be moderating a session on control system cyber security entitled “Why haven’t we solved control system cyber security yet?”  The session was originally entitled “Protection for SCADA systems, plant control systems, PLCs, and other field control devices”. However, the title and session direction changed when it was recognized that […]

Iran is aware of electric substation cyber threats and vulnerabilities

Mojtaba S. is a project manager, consultant, and industrial security specialist for the Electric Industry of Iran for the past 8 years. His well-written article, “Detecting Cyber Intrusions in Substation Networks,”  demonstrates detailed knowledge of electric substation designs, protocols, and cyber vulnerabilities.  Russia compromised a US water system and has been in the U.S. grids since […]

Formal response to FERC Complaint EL21-99-000 on Chinese equipment in the US grid

September 13, 2021, I submitted my response to the FERC Complaint EL21-99-000 on the use of Chinese-made equipment for critical equipment used in the US grid. The equipment identified can be used in many other critical infrastructures such as water/wastewater, pipelines, oil/gas, and manufacturing. – https://www.controlglobal.com/blogs/unfettered/formal-response-to-ferc-complaint-el21-99-000-on-chinese-equipment-in-the-us-grid

Do the Chinese “own” our electric grids and other infrastructures?

The national focus on cyber security has been on data breaches including ransomware which is what precipitated the August 25, 2021, White House Cyber security meeting. For IT networks, the focus on data breaches is sufficient. However, the real concern for critical infrastructures is not data breach but equipment damage that can cause very extended […]

World Federation of Scientists (WFS) Permanent Monitoring Panel – Mitigation of Catastrophic Risk

August 24th, 2021, I will be on an Engineering Infrastructure Resilience Panel discussing Cyber-Physical Security of Critical Infrastructures – Catastrophic Risks and Mitigation Strategies. Panelists will include Walter Grayman, Ali Mosleh from UCLA, Shaikha Al-Sanad from the Kuwait Institute for Scientific Research, Andrew Ohrt from West Yost, John Organek from the EIS Council, and myself. […]

US critical infrastructure cyber security is backwards – it’s the process that counts not the data

With the never-ending, and too often successful, attacks on critical infrastructure networks, there needs to be a better way to protect control systems and the processes they monitor and control. The fallacy about critical infrastructure cybersecurity is that the Internet Protocol (IP) networks are needed to keep lights on, water flowing, etc. July 28, 2021, […]