Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.
I have seen few attempts to provide guidance to end-users about common issues with control system cyber incidents that transcend industries and even national boundaries. The following discussion is about a domestic fossil plant cyber incident and its commonality to several other power plant cyber incidents.
The NERC CIP cyber security standards were developed to increase the cyber security and reliability of the electric grid. Unfortunately, they are not doing either. Utilities need to have the freedom to implement the proper infrastructure and cyber security appropriate to maintaining a reliable system without the fear of legal...
The interconnected networking of control and safety systems is making critical safety systems more productive, but more cyber vulnerable, and potentially less safe. Many cyber threats have not been modelled to the same degree as physical safety-related threats including the potential consequences from varying types of cyber attacks.
With all of the focus on cyber security one could expect that DHS is doing a credible job in helping to protect our country. In July 2014, DHS made an error by declassifying much of the Idaho National Lab (INL) Aurora documentation from FOUO to Unclassified. DHS stated the documents...
December 16th, I was hosted by the Center for Cyberspace Research at AFIT to deliver a lecture on ICS cyber security which appeared to be well-received. The lecture was from the perspective of the industrial community. In my view, AFIT is one of the technical leaders in defending ICSs.
December 2nd, I gave a lecture at the Fraunhofer Institute in Darmstadt, Germany on ICS cyber risk. December 9th, I gave a lecture on ICS cyber forensics. The main page for the lecture series is: http://www.ec-spride.tu-darmstadt.de/en/colloquium-industrie4.0/. The video for your first lecture is: https://openlearnware.hrz.tu-darmstadt.de/#!/resource/caveats-in-risk-assessment-in-the-context-of-cyber-attacks-2870
December 2nd, the Cylance report on OpCleaver, Iran attacking critical infrastructures, was made public. Unfortunately, the organizations responsible for protecting our critical infrastructures do not appear to be taking this threat seriously.
The Nuclear Energy Institute (NEI) has filed a rulemaking proposal with the NRC to REDUCE the number of systems and components to assess for cyber security. Given that nuclear plants are such high value targets and there are so many current malware attacks against control systems, this doesn't make any sense.