George Cotter (formerly Chief Scientist for the National Security Agency) and I briefed the FERC Commissioners on cyber threats and cyber incidents affecting the grid. The cyber security regulations fail to include a requirement that utilities (or nuclear plants) remove malware found in their networks.
I will be giving the keynote presentation February 22nd in Washington DC at the National Academies of Science, Engineering, and Medicine Conference on Critical Infrastructure Security: The Role of Public-Private Partnerships.
The advent of smart transmitters has reduced the effect of large measurement spans on accuracy but most measurement accuracies are still a function of per cent of span, albeit possibly detailed by more sophisticated equations than simply the error being a percent of span. Bigger considerations these days concern the effect...
Process instrumentation and other field devices generally have minimal cybersecurity protection but can have VERY significant impacts. Security researchers have demonstrated the ability to compromise these devices on wired and wireless networks.
January 15, 2016, CyberWire published an interview with me on the implications of the Ukrainian power grid cyber attack and other current ICS cyber security issues - http://thecyberwire.com/interviews/interview_with-Joe-Weiss.html
The Journal of the Naval PostGraduate School Center for Homeland Defense and Security published an article assessing homeland security risks. The study does not adequately address control system cyber security.
Composition, pH and temperature loops that largely determine product quality have a hidden factor that affects the loop linearity and particularly the ability to perform well at low production rates. Here we detail the factor, the consequences and the solutions for continuous unit operations and fed-batch reactions.
Moody’s, S&P, and insurance companies are starting to consider cyber risk strongly implying the Board of Directors of industrial companies and ICS vendors can be expected to have to explicitly address ICS cyber security.
There is at least one control system vendor that has addressed cyber security as part of its initial design. I think it is important to acknowledge that it is possible to build a more secure control system from initial design that addresses known control system cyber vulnerabilities.