There are various threat scenarios which confront our entire national critical infrastructures that involve insecure process sensors. These scenarios can lead to loss of safety and resilience and need to be addressed.
The key to a much brighter future of our profession depends upon management providing the funding and support and millennials seeking to improve process performance by the use of the best automation and process control. There are some common approaches to these seemingly very different groups.
Dale Peterson had a Twitter poll on DigitalBond.com asking what people think about the availability of security in sensors, actuators, instruments (Purdue Model Level 0 devices). The response was that most people agreed there was no security. So why isn’t there more of a drive to address this deficiency?
For ICS cyber security, the Operations, cyber security, physical security, and risk management organizations need to coordinate, and training is required so that Operations knows when to work with IT Security following upset conditions.
ICS cyber threats are morphing from malware/insecure-by-design issues that can be found by network monitoring to compromise of system or component functionality which can be very difficult to detect, can cause significant physical damage and injuries, and probably cannot be found by network monitoring.
I will be giving a presentation at Defcon’s ICS Village Saturday July 29 at 2pm on cyber security of process sensing. As I have not attended Black Hat or Defcon before, I am looking forward to the experience.
Compromise of process sensors can contribute, and has contributed, to unintentional and malicious cyber events. There is a need to monitor process sensors to validate process conditions and know whether malware or other issues have caused impacts to the process.
If large equipment such as generators or transformers is damaged in a cyber attack, not only can it take many months to build new equipment, it could take weeks just to get it to the facility site because of the size of the equipment.
I did a podcast for Security Ledger on my thoughts about the recent hacking of Wolf Creek and other “ICS” facilities. The bottom line is the “means” exist for hacking control systems and causing damage. The question is the motive to do so. The podcast can be found at https://soundcloud.com/securityledger/joe-weiss-on-grid-attacks-and-critical-infrastructure-security.
Here we look at a myriad of metrics on process and control loop performance and show how to see through the complexity and diversity to recognize the commonality and underlying principles. We will see how dozens of metrics simplify to two classes each for the process and the loop.