Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
PG&E is now a convicted felon, fined $3Million, and required to have a monitor for their natural gas operations (beyond the oversite of the CPUC). Additionally, the judge ordered PG&E to serve five years of probation, and PG&E must run a three month advertising campaign on television publicizing PG&E’s convictions.
January 11-13, 2017, Texas A&M held the first Cybersecurity of Critical Infrastructure Summit for Energy and Manufacturing - https://cybersecurity.tamu.edu/cybersummit2017. I believe this Conference showed that, with understanding, there is a desire to address ICS cyber security issues.
Unintended consequence of control system cyber issues have resulted in significant injuries and deaths in medical devices. Just like industrial applications, the root causes were not identified for months to years.
December 30, 2016, the Washington Post broke the story: “Russian hackers penetrated U.S. electricity grid through a utility in Vermont, U.S. officials say”. There are numerous questions and concerns that arise from this story as malware has been in the US electric grids since at least 2014.
In early 2016, ExxonMobil approached The Open Group to initiate a new open standards activity for a standards based, secure control system. From March to September 2016, ExxonMobil and staff of The Open Group established a “coalition of the willing” comprising end-users in the process control industries and their key suppliers.
In preparation for a new book, I was able to find information about an actual Aurora event. The event affected a non-utility facility (no generator involved) where it experienced multiple Aurora events over a multi-day span resulting in damage to motors.
According to “official” sources, the US electric grid has never been cyber attacked. However, that is not true. There have been several cases where nation-states and others (not identified) have cyber attacked the US electric grid.