Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
December 30, 2016, the Washington Post broke the story: “Russian hackers penetrated U.S. electricity grid through a utility in Vermont, U.S. officials say”. There are numerous questions and concerns that arise from this story as malware has been in the US electric grids since at least 2014.
In early 2016, ExxonMobil approached The Open Group to initiate a new open standards activity for a standards based, secure control system. From March to September 2016, ExxonMobil and staff of The Open Group established a “coalition of the willing” comprising end-users in the process control industries and their key suppliers.
In preparation for a new book, I was able to find information about an actual Aurora event. The event affected a non-utility facility (no generator involved) where it experienced multiple Aurora events over a multi-day span resulting in damage to motors.
According to “official” sources, the US electric grid has never been cyber attacked. However, that is not true. There have been several cases where nation-states and others (not identified) have cyber attacked the US electric grid.
The 2016 ICS Cyber Security Conference was held October 24-27, 2016 at Georgia Tech in Atlanta. The agenda can be found at www.icscybersecurityconference.com. Attendees represented multiple world-wide industries, defense, ICS vendors, cyber security vendors, cyber security researchers, consultants, and educators.
The demonstration of hacking the SEL751A not only showed how the system could be hacked and the operator “blinded” but also offered a solution. An SEL conference attendee, under the pretense of asking a question, told the audience the test was rigged to make the relay fail which was not...