All Blogs

Highlights from the 2014 ICS Cyber Security Conference

The highlights from the 2014 ICS Cyber Security Conference can be found at Conference presentations and discussions included actual ICS cyber incidents, new ICS cyber vulnerabilities, and new ICS cyber security technologies.

PID Form Trick or Treat Tips

Not knowing the implications of the PID Form in an existing control system being migrated or the PID Form learned in a University course can cause gross errors in the tuning parameters and potential instability. The PID Form predominantly used today is not the Form in most of the controllers...

HART - We have an App for that

Innovative HART communications specialty company ProComSol announced earlier this month that they now have an Android based application that when combined with their Bluetooth modem allows any Android Ice Cream Sandwich based system to be used as a handheld communicator for any HART 7 or earlier device.

The Chinese truly are attacking our critical infrastructure

There have been many reports of the Chinese and others attacking our critical infrastructure.  Bob Radvanovsky from Infracritical acquired some Ruggedom switches from E-Bay and set up a network emulating a well pumping station. Within 2 hours of connecting the systems, he was being attacked primarily from China.

The agenda for next week's Conference is being finalized - new issues continue to occur

The near-final agenda is now available at In finalizing the agenda, one of the presenters will provide very recent results of an ICS honeypot that is being attacked from China. The Chinese were trying to take both root and administrative access to very popular substation communication devices.

International nuclear plant cyber security standards meetings

October 7-9, I attended the IEC TC45A meetings on nuclear plant cyber security. The nuclear plant standards still need to be more control-system focused and to address both malicous and unintentional cyber incidents.

What Is ICS Cybersecurity – You Don't Need Digital Assets

Determination of the potential impact that a cyber incident may have on the ICS should incorporate analysis of all non-digital control mechanisms and the extent to which they can mitigate potential negative impacts to the ICS.

Unintentional ICS cyber incidents have had significant impacts on nuclear plants – why aren’t they being addressed

The IEC TC45A nuclear plant cyber security draft standard and the US NEI-0809 guidance explicitly exclude non-malicious cyber incidents. However, the Three Mile Island accident was an unintentional control system cyber incident in part caused by erroneous instrumentation information.

Measurement Location Tips

The question for the day is where to locate measurements. My first choice would be a Caribbean island but if the plant is not there, the sensing or sample lines and the associated transportation delays would be quite long.

The DRAFT agenda for the October ICS Cyber Security Conference is now available

The DRAFT agenda for the 14th ICS Cyber Security Conference the week of October 20th at Georgia Tech in Atlanta is now available at The Conference and topics are very timely given the pervasive misinformation that continues to appear.